WSO2 with OIDC: How to Configure Logout Endpoint

1
votes

I am running WSO2 Identity Server 5.7.0 and using OpenID Connect. I currently receive an invalid redirect error when I navigate to https://MY_DOMAIN/oidc/logout, when I think I should be redirected to a page under the /authenticationendpoint resource. I noticed in the "Logout Endpoint URL" under Resident Identity Provider > Inbound Authentication Configuration > OAuth2/OpenID Connect Configuration is set to "https://MY_DOMAIN:-1/oidc/logout".

I am assuming the Logout Endpoint URL is configured based on the OIDCLogoutEPUrl config value in identity.xml. In my identity.xml file this value is set to ${carbon.protocol}://${carbon.host}:${carbon.management.port}/oidc/logout.

My first question: Is the Logout Endpoint URL value only copied to the database when WSO2 is first run and the databases are initialized?

Followup question: If the answer to that is no, how can I configure that value without re-seeding the database?

Thanks for your help.

1
wso2wso2is

1 Answers

0
votes

Answering to your first question: Logout Endpoint URL will not be added to database during first run. Value is being read from identity.xml -> OAuth -> OIDCLogoutEPUrl always during server start up. However its important to have path "oidc/logout" in order to deliver logout request to "OIDCLogoutServlet" [1].

Once OIDCLogoutServlet receive the logout request further redirection customization you can do by changing OIDCLogoutConsentPage, OIDCLogoutPage.

Reference [1] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oidc.session/src/main/java/org/wso2/carbon/identity/oidc/session/internal/OIDCSessionManagementComponent.java#L65