PingFederate Server

OpenID Connect RP-initiated logout endpoint

The OpenID Connect RP-Initiated Logout endpoint provides OAuth clients a way to request that the OP perform a federated logout.

Endpoint: /idp/init_logout.openid

This endpoint supports the HTTP GET and POST methods. When using the HTTP POST method, the required Content-Type value is application/x-www-form-urlencoded.

The following table describes the parameters for this endpoint.

Parameter Description

id_token_hint

An optional parameter containing an ID Token previously issued by PingFederate to the relying party (RP). If this parameter is not included or cannot be validated, the user will be prompted to confirm the logout request.

client_id

An optional parameter containing the ID of the client that is requesting logout. This parameter must be included if an encrypted id_token_hint is provided.

post_logout_redirect_uri

An optional URI where the user’s browser should be redirected after a logout has been performed. If this parameter is provided, either client_id or id_token_hint must also be included, so that PingFederate can determine the client that is requesting logout. The requested post_logout_redirect_uri must match one of the values registered for the client or it will be ignored.

state

An optional value used by the relying party to maintain state between the logout request and the callback to the post_logout_redirect_uri. If included in the logout request, PingFederate passes this value as the state parameter when redirecting back to the relying party.

ui_locales

An optional parameter indicating the user’s preferred languages for the user interface, represented as a space-separated list of BCP47 (RFC5646) language tag values, ordered by preference. For instance, the value "fr-CA fr en" represents a preference for French as spoken in Canada, then French (without a region designation), followed by English (without a region designation).