diff --git a/content/en/providers/check-in/sp/_index.md b/content/en/providers/check-in/sp/_index.md index dfe9622d48..13355d22d3 100644 --- a/content/en/providers/check-in/sp/_index.md +++ b/content/en/providers/check-in/sp/_index.md @@ -1293,24 +1293,21 @@ Example response: #### Logout Endpoint -The OpenID Connect protocol supports global logout (like the Single Logout in -SAML). EGI Check-in OpenID Provider supports the -[OpenID Connect RP-Initiated Logout](https://openid.net/specs/openid-connect-rpinitiated-1_0.html) -specification where the logout starts by redirecting the user to a specific -endpoint at the OpenID Provider. - -This endpoint is normally obtained via the `end_session_endpoint` element of the -OP's Configuration page and the parameters that are used in the logout request -at the Logout Endpoint are defined below: - -- `id_token_hint`: ID Token previously issued by the OP to the Relying Party - passed to the Logout Endpoint as a hint about the end user's current - authenticated session with the Client. This is used as an indication of the - identity of the end user that the RP is requesting be logged out by the OP. -- `client_id`: OAuth 2.0 Client Identifier valid at the Authorization Server. - This parameter is needed to specify the Client Identifier when - `post_logout_redirect_uri` is used but `id_token_hint` is not. Using this - parameter, a confirmation dialog will be presented to the end user. +The EGI Check-in OpenID Provider supports user logout based on the +[OpenID Connect RP-Initiated Logout](https://openid.net/specs/openid-connect-rpinitiated-1_0.html). + +The Logout Endpoint is normally obtained via the `end_session_endpoint` element +of Check-in's Provider Configuration (see [Endpoints](#endpoints) table). +Parameters used in the logout request are detailed below: + +- `id_token_hint`: The ID Token previously issued by Check-in to your Relying + Party (RP) and provided to the Logout Endpoint as a hint regarding the end + user's current authenticated session with the client. It indicates the + identity of the end user that the RP is requesting Check-in to log out. + If the `id_token_hint` parameter is omitted, the user may be prompted to + confirm the logout. +- `client_id`: This parameter is used to specify the Client Identifier when + `post_logout_redirect_uri` is specified but `id_token_hint` is not. - `post_logout_redirect_uri`: URI to which the RP is requesting that the end user's browser be redirected after a logout has been performed. This URI should use the HTTPS scheme and the value must have been previously registered @@ -1319,6 +1316,8 @@ at the Logout Endpoint are defined below: to include either the `client_id` or `id_token_hint` parameter in case the `post_logout_redirect_uri` is included. +You can use either HTTP GET or HTTP POST to send the logout request to the Logout Endpoint. + ##### Example Request ```http