By: Marcus Masciarelli named 12 Mar 2021 at 2:45 p.m. CST

2 Responses
When reliant party gets end session to gluu with invalid redirect url:

    Request method: GET
    Request URI: https://<host>/oxauth/restv1/end_session?id_token_hint=<id_token_hint_value>&post_logout_redirect_uri=<invalid_redirect_url>
    Proxy: <none>
    Request params: id_token_hint=<id_token_hint_value>
                    post_logout_redirect_uri=<invalid_redirect_url>
    Query params: <none>
    Form params: <none>
    Path params: <none>
    Headers: Accept=*/*
             Content-Type=application/x-www-form-urlencoded; charset=ISO-8859-1
    Cookies: org.gluu.i18n.Locale=en
             session_id=caa9a4ee-d6a0-4db1-a0be-e2d81cac1282
             session_state=78a2628089884b67a2ca2c1e426726fe5d752591ad52de902db8744ba02b3185.e7e82ca8-6fea-4ed9-80ff-92c714a54e67
             opbs=37799829-b18f-4052-965d-94060e33dc3b
    Multiparts: <none>
    Body: <none>

Gluu sends an error response about invalid url with status code 200:

    HTTP/1.1 200 OK
    Date: Fri, 21 Aug 2020 06:12:16 GMT
    Content-Type: text/plain
    Content-Length: 324
    Connection: keep-alive
    Server: Jetty(9.4.12.v20180830)
    X-Xss-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Strict-Transport-Security: max-age=31536000; includeSubDomains
    Expires: Thu, 01 Jan 1970 00:00:00 GMT
    Set-Cookie: consent_session_id=;Path=/;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;HttpOnly
    Set-Cookie: session_id=;Path=/;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;HttpOnly
    Set-Cookie: opbs=;Path=/;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;HttpOnly

    {"error":"post_logout_uri_not_associated_with_client","error_description":"The provided post logout uri is not associated with client.","reason":"Session was removed successfully but redirect to post_logout_redirect_uri fails since AS failed to validate it against clients associated with session (which was just removed)."}

Would expect a 400 error for an invalid parameter in this case.

By Yuriy Zabrovarnyy staff 17 Mar 2021 at 9:20 a.m. CDT

It is fixed in 4.x version, 400 status code is returned if validation failed.

By Aliaksandr Samuseu staff 17 Mar 2021 at 10:22 a.m. CDT

Thanks, Yuriy. Marcus, you'll have to upgrade your setup; 3.1.6 has reached its EOL. Closing the ticket.
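Added example, not part of the original thread and not Gluu code: a small regression check a relying-party team could run over a captured `end_session` reply to confirm whether an error body still arrives with a success status. The function names and the trimmed sample responses are constructed for illustration; the 400 sample only assumes the status change described in the staff reply.

```python
import json

# Constructed sample: the 3.1.6 response from the ticket, trimmed to the relevant lines.
SAMPLE_3X = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/plain\r\n"
    "Set-Cookie: session_id=;Path=/;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;HttpOnly\r\n"
    "Set-Cookie: opbs=;Path=/;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;HttpOnly\r\n"
    "\r\n"
    '{"error":"post_logout_uri_not_associated_with_client",'
    '"error_description":"The provided post logout uri is not associated with client."}'
)
# Constructed: the same reply with the 400 status that 4.x is said to return.
SAMPLE_4X = SAMPLE_3X.replace("HTTP/1.1 200 OK", "HTTP/1.1 400 Bad Request", 1)


def parse_response(raw):
    """Split a raw HTTP/1.1 response into (status, [(name, value)], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = [tuple(part.strip() for part in line.split(":", 1))
               for line in lines[1:] if ":" in line]
    return status, headers, body


def cleared_cookies(headers):
    """Names of cookies this response expires with Max-Age=0."""
    names = set()
    for name, value in headers:
        attrs = [attr.strip().lower() for attr in value.split(";")]
        if name.lower() == "set-cookie" and "max-age=0" in attrs:
            names.add(value.split("=", 1)[0].strip())
    return names


def check_end_session(raw):
    """Summarise an end_session reply and flag an error body sent with a 2xx status."""
    status, headers, body = parse_response(raw)
    try:
        error = json.loads(body).get("error")
    except (ValueError, AttributeError):
        error = None  # body is not a JSON object, so there is no error code
    return {
        "status": status,
        "error": error,
        "session_cleared": "session_id" in cleared_cookies(headers),
        "mismatch": error is not None and 200 <= status < 300,
    }
```

A client that branches only on the HTTP status would treat the first sample as a clean logout; the `mismatch` flag is what separates the two cases.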