OpenID Connect RP-initiated logout endpoint

The OpenID Connect RP-Initiated Logout endpoint provides OAuth clients a way to request that the OP perform a federated logout.

PingFederate prompts users to confirm the logout request if the PingFederate cookie isn’t configured. Learn more in Configuring the PingFederate cookie.

Endpoint: /idp/init_logout.openid

This endpoint supports the HTTP GET and POST methods. When using the HTTP POST method, the required Content-Type value is application/x-www-form-urlencoded.

The following table describes the parameters for this endpoint.

Parameter Description

Parameter	Description
`id_token_hint`	An optional parameter containing an ID token previously issued by PingFederate to the relying party (RP). If this parameter isn’t included or can’t be validated, the user is prompted to confirm the logout request.
`client_id`	An optional parameter containing the ID of the client that is requesting logout. This parameter must be included if an encrypted `id_token_hint` is provided.
`post_logout_redirect_uri`	An optional URI where the user’s browser should be redirected after a logout has been performed. If this parameter is provided, either `client_id` or `id_token_hint` must also be included so PingFederate can determine which client is requesting the logout. The requested `post_logout_redirect_uri` must match one of the values registered for the client or it will be ignored.
`state`	An optional value used by the relying party to maintain state between the logout request and the callback to the `post_logout_redirect_uri`. If included in the logout request, PingFederate passes this value as the `state` parameter when redirecting back to the relying party.
`ui_locales`	An optional parameter indicating the user’s preferred languages for the user interface, represented as a space-separated list of BCP47 (RFC5646) language tag values, ordered by preference. For example, the value `fr-CA fr en` represents a preference for French as spoken in Canada, then French (without a region designation), followed by English (without a region designation).

id_token_hint

An optional parameter containing an ID token previously issued by PingFederate to the relying party (RP). If this parameter isn’t included or can’t be validated, the user is prompted to confirm the logout request.

client_id

An optional parameter containing the ID of the client that is requesting logout. This parameter must be included if an encrypted id_token_hint is provided.

post_logout_redirect_uri

An optional URI where the user’s browser should be redirected after a logout has been performed. If this parameter is provided, either client_id or id_token_hint must also be included so PingFederate can determine which client is requesting the logout. The requested post_logout_redirect_uri must match one of the values registered for the client or it will be ignored.

state

An optional value used by the relying party to maintain state between the logout request and the callback to the post_logout_redirect_uri. If included in the logout request, PingFederate passes this value as the state parameter when redirecting back to the relying party.

ui_locales

An optional parameter indicating the user’s preferred languages for the user interface, represented as a space-separated list of BCP47 (RFC5646) language tag values, ordered by preference. For example, the value fr-CA fr en represents a preference for French as spoken in Canada, then French (without a region designation), followed by English (without a region designation).

PingFederate Server

OpenID Connect RP-initiated logout endpoint

Endpoint: /idp/init_logout.openid