Open shubjit opened 2 years ago
Please confirm if your RP is calling the end_session endpoint directly without any cookies or tokens, or if the RP is redirecting the browser to the end_session endpoint.
@teddyjtorres The flow from our RP is similar to what we raised in https://github.com/OpenLiberty/open-liberty/issues/18177. I have been working with @arunavemulapalli on that and can provide additional traces. I will check internally and update what is being called during the logout.
Describe the bug
We have configured our ELM applications (RP) with Liberty OP, which is further delegated to another OIDC Provider using Social Login as OIDC Client: https://www.ibm.com/docs/en/was-liberty/core?topic=liberty-configuring-social-login-in#twlp_sec_sociallogin__openid
In this case we have issues with Application logout, wherein when we log out of our ELM application (RP), it loops back to the RP and does not log out.
We raised a similar issue when configured with a SAML IDP and it is being worked on by the Security team: https://github.com/OpenLiberty/open-liberty/issues/18177
Steps to Reproduce
Configure Liberty as an OpenID Provider
Configure the OP to delegate further to another OIDC provider as OIDC Client using the instructions below: https://www.ibm.com/docs/en/was-liberty/core?topic=liberty-configuring-social-login-in#twlp_sec_sociallogin__openid
Configure RP Applications which have Logout functionality with Liberty OP (Our RP = IBM ELM Solution)
Sample config
Once configured, test Logout from the RP application. It redirects all the way to the OIDC Provider (3rd Party), behaves as a Login request, and is returned back to the RP Application.
Expected behavior
Logout should work when initiated from RP
Diagnostic information:
Additional context
NA