I have setup a federation between 2 Okta instances.
I am able to login with federated user but issue is unable to logout the federated user.
My Kong Config is as below
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: {{ .Values.kongPlugin.oidcKongPluginName }}
plugin: openid-connect
config:
auth_methods:
- password
- client_credentials
- authorization_code
- bearer
- introspection
- kong_oauth2
- refresh_token
- session
authorization_cookie_name: authorization
cache_introspection: true
cache_tokens: true
cache_user_info: true
client_arg: client_id
client_id: {{ .Values.kongPlugin.clientId }}
client_secret: {{ .Values.kongPlugin.clientSecret }}
consumer_by: - username
- custom_id
http_version: 1.1
id_token_param_type: - query
- header
- body
issuer: {{ .Values.kongPlugin.issuer }}
redirect_uri: {{ .Values.kongPlugin.redirectUri }}
jwt_session_claim: sid
leeway: 0
login_action: upstream
login_methods: - authorization_code
login_redirect_mode: fragment
login_tokens: - id_token
logout_methods: - POST
- DELETE
- GET
logout_query_arg: logout
logout_redirect_uri: - {{ .Values.kongPlugin.logoutRedirectUri1 }}
- {{ .Values.kongPlugin.logoutRedirectUri2 }}
logout_revoke: true
#end_session_endpoint: ?
#revocation_endpoint : https://xxxx.oktapreview.com/oauth2/v1/revoke
logout_revoke_access_token: true
logout_uri_suffix: _logout
keepalive: true
response_mode: query
reverify: false
scopes: - openid
session_cookie_name: session
session_cookie_lifetime: 1860
ssl_verify: false
timeout: 10000
upstream_access_token_header: authorization:bearer
upstream_user_info_header: x-userinfo
verify_claims: true
verify_nonce: true
verify_parameters: false
verify_signature: false