Redirection after logout

It is possible to designate a page the user will be redirected to after logging out from a Feide service using OpenID Connect (OIDC).

The page is given in the logout request from the service, and must be configured in the configuration on the service in the customer portal.

The implementation conforms to the draft standard for OpenID Connect RP-Initiated Logout.

The URL to redirect to has to be registered in the customer portal. Edit the service and select the configuration under the “configuration” tab or add a new configuration for a new configuration.

Enter the URL in the “Redirect URI for logout field. You can also press [+ Add URI] and register multiple URLs. Finally, press “Save” at the bottom of the page.

Screenshot of adding redirect URI for OIDC-configuration

Screenshot of adding redirect URI for OIDC-configuration

The logout endpoint can be found as the attribute end_session_endpoint at the discovery endpoint https://auth.dataporten.no/.well-known/openid-configuration.

On logout, the service should redirect the user’s browser to the logout endpoint. Feide will terminate the session for the service, and redirect the browser. The following parameters must be given:

post_logout_redirect_uri

URL to redirect the user to after logout.

id_token_hint

ID token that the service received on login. Used by Feide to identify the service, so that it can verify that the redirect URL matches one of those configured.

If wanted, the service can add

state

if present, Feide will pass it on as a state parameter to the redirect URL.