Logout from personalTokenManagement URL does not work when configured with SAML IDP

[shubjit]

Describe the bug Our Enterprise applications (RP) are configured with a Liberty OpenID Provider which is further configured to a SAML IDP. https://www.ibm.com/docs/en/was-liberty/nd?topic=liberty-configuring-saml-web-browser-sso-in

We are utilising Multi-Factor Authentication via a SAML IDP and as this works only for Browser based clients, we are utilising the Liberty Application Password Feature for Native Clients. We are following the instructions from the following URL: https://openliberty.io/blog/2019/09/13/microprofile-reactive-messaging-19009.html#oidc

Most of the features work fine, but the Logout button on this Liberty page does not work. https://Liberty_OP/oidc/endpoint/OP/personalTokenManagement

Steps to Reproduce

• Configure Liberty as an OpenID Provider.
• Configured the Liberty OP to redirect to a SAML IDP
• Configure Application Passwords https://openliberty.io/blog/2019/09/13/microprofile-reactive-messaging-19009.html#oidc
• Access the URL - https://Liberty_OP/oidc/endpoint/OP/personalTokenManagement (Login via SAML IDP)
• Click on Logout
• Refresh the URL https://Liberty_OP/oidc/endpoint/OP/personalTokenManagement and it does not prompt to Login

Please note: when Liberty OP is not delegating to a SAML IDP, the logout seems to work fine.

Expected behavior Logout from /personalTokenManagement should end the session and logout all apps on the Liberty OP

Diagnostic information:

• OpenLiberty or WebSphere Liberty Version: 19.0.0.6 (tested on 21.0.0.6)

Additional context Add any other context about the problem here.

[utle]

Hi @teddyjtorres, please take a look. Thank