oxTrust won't allow to set several postlogout redirect uris for OIDC client

Question

oxTrust won't allow to set several postlogout redirect uris for OIDC client

aliaksander-samuseu opened this issue a year ago · comments

aliaksander-samuseu commented a year ago

Both Front Channel Logut URI and Back Channel Logout URI need to be multi-value. This was a mistake in the orignal spec...

shekhar16 · Answer 1 · Thu Apr 20 2023 00:24:15 GMT+0800 (China Standard Time)

closing this ticket as the code has been merged. Please let me if any issue found.

Kristiina Märtin · Answer 2 · Tue May 16 2023 13:54:20 GMT+0800 (China Standard Time)

Hi @nynymike , original issue stated in this ticket's title: "oxTrust won't allow to set several postlogout redirect uris for OIDC client " is still not fixed. And there is no explanation or reasoning why it is not fixed also at this ticket.
Instead under this ticket are fixes (?) to different issues front and back logout URIs and ticket is closed.
Please fix original issue or at least give some reasoning why it is decided not to fix it.
OpenID Connect spec - https://openid.net/specs/openid-connect-rpinitiated-1_0.html#ClientMetadata , has not changed an states that there can be multiple post logout redirect URIs defined for a client.

Related Gluu support ticket: https://support.gluu.org/single-sign-on/11111/configuring-clients-redirect-logout-uris-broken/

Michael Schwartz · Answer 3 · Wed May 17 2023 01:41:34 GMT+0800 (China Standard Time)

It should be fixed in 4.5.1

As a workaround, you can use the oTrust config API