Build an example logout URL and place it near the OIDCRedirectURI config

Reposoft / openidc-keycloak-test

zmartzone/mod_auth_openidc and keycloak combined - self hosted cloud auth

19 stars 6 forks source link

Build an example logout URL and place it near the OIDCRedirectURI config #4

Closed solsson closed 8 years ago

solsson commented 8 years ago

To address #1.

I dont think this kind of internal details should be left to the UI layer, so I added the special URL /logout.

solsson commented 8 years ago

The extra redirect was according to spec in the FAQ: "If the OP supports Session Management then the user will be redirected to the OP for logout as well."

Visit the OIDCProviderMetadataURL to see that Keycloak declares an end_session_endpoint. Let mod_auth_openidc take care of logout as described in https://github.com/pingidentity/mod_auth_openidc/wiki/Session-Management#logout.

solsson commented 8 years ago

Fixes #1. See also #5 for future work.