By: Brian Merrick user 12 Dec 2014 at 5:07 p.m. CST

1 Response
I am trying to execute the end_session operation found here: http://www.gluu.org/docs/reference/api/oic-end-session/ It is very unclear to me from the description what value is indicated by the id_token_hint parameter. Are there any examples of how this is accomplished?

By Michael Schwartz Account Admin 12 Dec 2014 at 11:10 p.m. CST

Brian, you send the actual id_token as the hint. See also the spec: http://openid.net/specs/openid-connect-session-1_0.html#RPLogout

Note, in order for this to work, you need javascript in every page to detect the logout event, and to notify the application. So for example, if your browser has five tabs open, and one of the tabs initiates a logout, the javascripts in the other tabs should then be able to detect the logout event, and notify their respective back-end applications. Note: this is not that reliable. If the user were to close the tab, the javascript would never run.

SAML's solution to logout isn't that great either; it relies on the server to notify the SP that a logout happened via a callback. SAML's logout solution is also notorious for its unreliability. There is no perfect answer for logout; all the solutions involve compromises. The Gluu Server also offers custom logout scripts, which can also provide custom server-side business logic for logout.
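The request described in the answer above, as an added example that is not part of the original thread or Gluu's own code: a relying party passes the raw compact id_token (not its decoded claims) as `id_token_hint`, together with the `post_logout_redirect_uri` and `state` parameters from the linked spec. The endpoint host, the function names and the sample token are assumptions constructed for illustration.

```python
import base64, hmac, json, re, secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption: placeholder host. Read the real value from the provider's
# discovery document ("end_session_endpoint").
END_SESSION_ENDPOINT = "https://idp.example.com/end_session"

def _segment(obj):
    """base64url-encode a JSON object without padding, as in a JWT."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_sample_id_token():
    """Constructed sample: real header/claims layout, dummy signature."""
    claims = {"iss": "https://idp.example.com", "sub": "constructed-user"}
    return ".".join([_segment({"alg": "RS256"}), _segment(claims), "c2ln"])

def check_id_token_shape(id_token):
    """Accept only the compact header.payload.signature string, not decoded
    claims. Shape check only: the signature was validated at login time."""
    parts = id_token.split(".")
    if len(parts) != 3 or not all(re.fullmatch(r"[A-Za-z0-9_-]+", p) for p in parts):
        raise ValueError("id_token_hint must be the raw compact id_token")
    try:
        header, claims = (json.loads(base64.urlsafe_b64decode(p + "=" * (-len(p) % 4)))
                          for p in parts[:2])
    except ValueError as exc:
        raise ValueError("id_token segments are not base64url JSON") from exc
    if not (isinstance(header, dict) and isinstance(claims, dict)
            and "alg" in header and "iss" in claims):
        raise ValueError("id_token is missing expected header or claims")
    return claims

def build_logout_request(id_token, post_logout_redirect_uri):
    """Return (url, state); keep state in the user's session for the callback."""
    check_id_token_shape(id_token)
    state = secrets.token_urlsafe(16)  # unguessable, binds callback to this request
    query = urlencode({"id_token_hint": id_token,
                       "post_logout_redirect_uri": post_logout_redirect_uri,
                       "state": state})
    return f"{END_SESSION_ENDPOINT}?{query}", state

def logout_callback_is_ours(callback_url, expected_state):
    """True only if the post-logout redirect carries the state we issued."""
    returned = parse_qs(urlsplit(callback_url).query).get("state", [""])[0]
    return hmac.compare_digest(returned.encode(), expected_state.encode())
```

The application redirects the browser to the returned URL and clears its own local session only after `logout_callback_is_ours` accepts the redirect back.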