I'm having an issue configuring multiple callback urls for a Service Provider in WSO2 Identity Server. This process is necessary for my team to support SLO (Single Logout) with a post logout redirect url.
Callback URL Configuration
The WSO2 online documentation describes the correct way to do this process here. I have followed those step and configured my Callback URL as follows:
regexp=(http://localhost:8080/login-callback|http://localhost:8080/logout-callback)
This process works, and I am able to configure the two Callback URLs.
Unintended "checksession" Side Effect
Once the callback urls are configured, the checksession endpoint stops working. The error message I get from the endpoint says "Invalid OP IFrame Request". That checksession call uses a url like this: https://<wso2host>/oidc/checksession?client_id=<clientid>
I verified that the checksession endpoint works if I configure either of my redirect urls individually
But fails if I use the regexp syntax. Failure occurs in each of these scenarios:
- regexp=(http://localhost:8080/login-callback|http://localhost:8080/logout-callback)
- regexp=(http://localhost:8080/login-callback)
- regexp=(http://localhost:8080/logout-callback)
Am I missing a configuration step needed for either the callback urls or the checksession endpoint?
