oxAuth Does Not Enforce Registered `post_logout_redirect_uri`

By: Sathish Kumar S . user 01 Apr 2019 at 2:41 a.m. CDT

1 Response
Sathish Kumar S . gravatar
I am using GLUU 3.1.4 version. I am trying to call end_session api without session_id/id_token_hint. [GLUU Logout](https://gluu.org/docs/ce/3.1.4/operation/logout/#openid-connect-single-log-out-slo) says, *idtokenhint and sessionid parameters are optional. Therefore OP will end session successfully if these parameters are missed. However from other side if RP included them in request OP validates them and if any of those are invalid OP returns 400 (Bad Request) http code.* I need to disable the validation and need to redirect to the post_logout_redirect_uri. Is there any way to perform logout redirect without validation in GLUU 3.1.4?
Ubuntu 16.04
closed

Answers

By Michael Schwartz Account Admin 01 Apr 2019 at 4:18 a.m. CDT

Copy
Michael Schwartz gravatar
You might have to read [the 3.1.4 branch](https://github.com/GluuFederation/oxAuth/tree/version_3.1.4.sp2) code to get your answer. There have been some changes to logout in version 3.1.5 and 3.1.6, so the support team would have to dig into this, which is a little too involved for community support.

Post an answer