oidc/logout with id_token_hint is not working


Problem description

I am sending https://localhost:9443/oidc/logout?id_token_hint=my_id_token and getting the page with the message Identity Server You have successfully logged out. But when I go back to the login page, it is returning an authorization code instead of asking for login/password.

Recommended answer

According to the browser traces shared in the comments, it seems you are sending the logout request to an incorrect hostname+port (aisoip-devis.xxxxx.kz:9443). Due to that reason, the commonauthId cookie on the browser against the original hostname (aisoip-dev2.xxxxx.kz) is not cleared. Also, that cookie is not passed to WSO2 IS along with the logout request due to the hostname difference and WSO2 IS is unable to terminate the session on its side as well.

https://aisoip-devis.xxxxx.kz:9443/oidc/logout

https://aisoip-dev2.xxxxx.kz/oauth2/authorize

To correct this issue, you will have to send the logout request to the same hostname+port pair where you are sending the authentication request.

https://aisoip-dev2.xxxxx.kz/oidc/logout
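
An added example (not part of the original answer, and not WSO2 code): a Python check that compares the authorize and logout endpoints the way the answer describes, and derives the logout URL from the authorize URL so the two cannot drift apart. It assumes commonauthId is a host-only cookie (no Domain attribute); the function names are hypothetical.

```python
from urllib.parse import urlsplit, urlunsplit, urlencode

DEFAULT_PORTS = {"https": 443, "http": 80}


def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def check_logout_target(authorize_url, logout_url):
    """List the reasons the logout request would miss the login session."""
    a_scheme, a_host, a_port = origin(authorize_url)
    l_scheme, l_host, l_port = origin(logout_url)
    problems = []
    if a_host != l_host:
        # Assumption: commonauthId is host-only, so the browser sends it
        # only to the exact host that set it during login.
        problems.append(
            f"host mismatch: cookie set by {a_host} is not sent to {l_host}")
    if (a_scheme, a_port) != (l_scheme, l_port):
        # The answer asks for the same hostname+port pair; flag any difference.
        problems.append(
            f"scheme/port mismatch: {a_scheme}:{a_port} vs {l_scheme}:{l_port}")
    return problems


def build_logout_url(authorize_url, id_token_hint):
    """Derive /oidc/logout on the same scheme+host+port as the authorize URL."""
    parts = urlsplit(authorize_url)
    query = urlencode({"id_token_hint": id_token_hint})
    return urlunsplit((parts.scheme, parts.netloc, "/oidc/logout", query, ""))


if __name__ == "__main__":
    # Endpoints as quoted in the answer (hostnames are redacted on the page).
    authorize = "https://aisoip-dev2.xxxxx.kz/oauth2/authorize"
    wrong = "https://aisoip-devis.xxxxx.kz:9443/oidc/logout"
    for problem in check_logout_target(authorize, wrong):
        print("WARN", problem)
    print(build_logout_url(authorize, "my_id_token"))
```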
