By: Praveen Srinivasan user 12 Nov 2021 at 8:47 a.m. CST

1 Response
Praveen Srinivasan gravatar
Hi Team, We are facing below issue in GLUU. Our two different SP's (A and B) using Same IDP (GLUU). When we call logout Endpoint we are passing state parameter and the same should be passed when it redirects back to post_logout_redirect_uri endpoint (as per [OpenID Connect]( )). When A is logging out, it is calling the end_session url of GLUU and logged out successfully from GLUU. And when the user is logging out from B, we are passing some state value as below `https://<GLUUEndpoint>/oxauth/restv1/end_session?id_token_hint=<TokenHint>&state=_xxxxxx.xxxx.xxxx.xxxxx&post_logout_redirect_uri=` GLUU supposed to land me the post_logout_redirect_uri with state value whatever I'm sending. Instead it is just redirecting me to post_logout_redirect_uri alone Expected: `` Current Behaviour: `` Is there a configuration in GLUU where we can enable to pass state value along with post_logout_redirect_uri I've also checked and it has the below response *OPTIONAL. Opaque value used by the RP to maintain state between the logout request and the callback to the endpoint specified by the postlogoutredirecturi parameter. If included in the logout request, **the OP passes this value back to the RP using the state parameter when redirecting the User Agent back to the RP***. But GLUU is not passing the state parameter when landing back to RP

By Michael Schwartz Account Admin 15 Nov 2021 at 2:12 p.m. CST

Michael Schwartz gravatar
Agreed. We can fix it in 4.4. I'm closing this issue. Please track [](