[Openid-specs-ab] Front Channel Logout URI ?

Mike Jones Michael.Jones at microsoft.com
Tue Nov 3 00:32:47 UTC 2015

Yes, the end_session_endpoint OP discovery URL can be used by RPs to trigger logout at the OP.  This is true for all three of the session management/logout specifications.  This functionality is shared between all of them.  There's no "differentiation", by design.

Answering your specific question, it's up to the OP whether it renders the front channel logout iframes in the page at the location specified by end_session_endpoint OP discovery URL or a different page at an unspecified URL controlled by the OP that it redirects to.

				-- Mike

-----Original Message-----
From: Openid-specs-ab [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Mike Schwartz
Sent: Tuesday, November 03, 2015 3:48 AM
To: openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] Front Channel Logout URI ?

Mike Jones,

Are you suggesting that the "end_session_endpoint" OP discovery claim would return this page with the iframe(s) in it? If so, how would one differentiate it from the session management API?

- Mike

> I should have been more specific...
> http://openid.net/specs/openid-connect-logout-1_0.html
> mentions that the OP renders <iframe src="logout_uri"> in a **page**
> What is the url of the **page** on the OP? The logout_uri is defined 
> as a resouce on the RP. How would the RP retrieve this **page**?
> - Mike Schwartz

Michael Schwartz
Founder / CEO
mike at gluu.org
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net

More information about the Openid-specs-ab mailing list