This documentation is for WSO2 Identity Server 5.4.0. View documentation for the latest release.

...

  1. Download and install WSO2 Identity Server. For detailed information on how to install WSO2 IS, see Installing the Product.

  2. Access the Management Console via https://localhost:9443/carbon/.

  3. Navigate to Service Providers > List and Edit the service provider that you created for the OAuth2 application.
  4. Edit the Callback URL field and enter a logout URL along with the callback URL that you defined when you created the service provider.

        regexp=(callback_url|logout_url)

    You can specify multiple callback URLs using a regex pattern as follows:

    Example:

        regexp=(http://localhost:8080/playground2/oauth2client|http://localhost:8080/playground2/logout)

  5. Use the following cURL command to retrieve the id_token using the client id, client secret, and authorization code:

        curl -k -v --user <client_id>:<client_secret> -d "grant_type=authorization_code&code=<authorization_code>&redirect_uri=http://localhost:8080/playground2/oauth2client" https://localhost:9443/oauth2/token

    Example:

        curl -k -v --user IaWVc3g4eemSnbWwekBg79xudZMa:PL9PxKPqGZxkpJ8X8u7g8pA_ruoa -d "grant_type=authorization_code&code=ac1b2e9e-d8d0-3f42-bdd4-dc7aab45b5dc&redirect_uri=http://localhost:8080/playground2/oauth2client" https://localhost:9443/oauth2/token

  6. Use the retrieved id_token in the following URL to log out from the identity provider and redirect to a URL in the RP.

        https://localhost:9443/oidc/logout?id_token_hint=<id_token>&post_logout_redirect_uri=<redirect URI>&state=<state>

    Following are the parameters you need to specify in the URL:

    | Parameter | Description | Required |
    |---|---|---|
    | idp_url | The OIDC logout endpoint URL. | Yes |
    | id_token_hint | The id_token returned by the identity provider. | Yes |
    | post_logout_redirect_uri | The URL to be redirected to when logging out. The value defined here should be the same as the callbackURI of the client application. Note: If you do not specify a value for the post_logout_redirect_uri parameter, users are redirected to the default logout success page of WSO2 Identity Server. | Yes |
    | state | The parameter passed from the application to the identity provider to maintain any state information. This is used to correlate the logout requests and responses. If the state parameter is defined as state_1, the logout request and response both have state_1 in them. This makes it easy for the client to identify the request and responses. | No |

    Example:

        https://localhost:9443/oidc/logout?id_token_hint=eyJ4NXQiOiJObUptT0dVeE16WmxZak0yWkRSaE5UWmxZVEExWXpkaFpUUmlPV0UwTldJMk0ySm1PVGMxWkEiLCJraWQiOiJkMGVjNTE0YTMyYjZmODhjMGFiZDEyYTI4NDA2OTliZGQzZGViYTlkIiwiYWxnIjoiUlMyNTYifQ.eyJhdF9oYXNoIjoiWVZwM3JsX21vOThvVURveUMyNVJQZyIsInN1YiI6ImFkbWluIiwiYXVkIjpbIklhV1ZjM2c0ZWVtU25iV3dla0JnNzl4dWRaTWEiXSwiYXpwIjoiSWFXVmMzZzRlZW1TbmJXd2VrQmc3OXh1ZFpNYSIsImF1dGhfdGltZSI6MTUwNDU5NDUyNCwiaXNzIjoiaHR0cHM6XC9cL2xvY2FsaG9zdDo5NDQzXC9vYXV0aDJcL3Rva2VuIiwiZXhwIjoxNTA0NTk4MTUxLCJpYXQiOjE1MDQ1OTQ1NTF9.KfLa7_QkhJ3yZ1gfv6ZVh6bNkeQB1wUVp914Ek4MVnS-kXkJvBBqe6wqamp3RezNgRxsW59M-GKJUymJjalBGHPu3IglyssiubWOlXlAtkAL13n3B1tpWYwbkgkarI5elmxTwRU4yqsCRbu4T77sWmiIhTtnPEEyBMkhuQioU68&post_logout_redirect_uri=http://localhost:8080/playground2/logout&state=state_1
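
The relying-party side of steps 4 and 6, as an added example that is not part of the WSO2 documentation or product code: it checks post_logout_redirect_uri against the Callback URL field, builds the URL-encoded logout request, and checks the state on the response. The function names are hypothetical; it assumes that a regexp= value must match the whole URI and that the redirect back to the RP carries state as a query parameter.

```python
import hmac
import re
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoint and Callback URL value taken from the example on this page.
# All function names below are hypothetical.
LOGOUT_ENDPOINT = "https://localhost:9443/oidc/logout"
CALLBACK_FIELD = ("regexp=(http://localhost:8080/playground2/oauth2client"
                  "|http://localhost:8080/playground2/logout)")


def redirect_allowed(callback_field, uri):
    """Check uri against the service provider's Callback URL field.

    Assumption: a 'regexp=' value must match the whole URI, and a plain
    value must be equal to it.
    """
    if callback_field.startswith("regexp="):
        return re.fullmatch(callback_field[len("regexp="):], uri) is not None
    return callback_field == uri


def build_logout_url(id_token, post_logout_redirect_uri, state=None):
    """Return (url, state) for the logout request in step 6."""
    if not redirect_allowed(CALLBACK_FIELD, post_logout_redirect_uri):
        raise ValueError("post_logout_redirect_uri is not registered")
    # Assumption: when the caller supplies no state, use a random one.
    state = state or secrets.token_urlsafe(16)
    query = urlencode({
        "id_token_hint": id_token,
        "post_logout_redirect_uri": post_logout_redirect_uri,
        "state": state,
    })
    return f"{LOGOUT_ENDPOINT}?{query}", state


def state_matches(returned_url, expected_state):
    """True only if the response carries exactly one state value equal
    to the one that was sent with the logout request."""
    values = parse_qs(urlsplit(returned_url).query).get("state", [])
    return len(values) == 1 and hmac.compare_digest(
        values[0].encode(), expected_state.encode())
```
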

...