Redirection after logout

It is possible to designate a page the user will be redirected to after logging out from a Feide service using OpenID Connect (OIDC).

The page is given in the logout request from the service, and must be configured in advance in the service profile in the dashboard.

The implementation conforms to the specification of “RP-Initiated Logout” in the draft standard for OpenID Connect Session Management.

Registering a URL in the dashboard

Registering a URL in the dashboard

The URL to redirect to has to be registered in the dashboard. Select the service and the section “Extended info”. Enter the URL in the “Post logout redirect URI” field. You can also press [+] and register multiple URLs. Finally, press “Save changes”.

The logout endpoint can be found as the attribute end_session_endpoint at the discovery endpoint https://auth.dataporten.no/.well-known/openid-configuration.

On logout, the service should redirect the user’s browser to the logout endpoint. Feide will terminate the session for the service, and redirect the browser. The following parameters must be given:

post_logout_redirect_uri:
 URL to redirect the user to after logout.
id_token_hint:ID token that the service received on login. Used by Feide to identify the service, so that it can verify that the redirect URL matches one of those configured.

If wanted, the service can add

state:if present, Feide will pass it on as a state parameter to the redirect URL.