I'm not sure yet if this is OAM non-standard but we seem to also get issues with keycloak. It does seem to be part of the standard though - https://support.okta.com/help/s/article/the-purpose-of-id-token-hint-in-the-logout-api-and-how-does-it-affect-the-single-logout-process?language=en_US
With OAM at least you first need to turn off legacy return url option. this will ensure client_id`` and post_logout_redirect_uriare passed to the logout endpoint. However for OAM at least it also requiresid_token_hintandstate```.
For this particular OAM there is an alternative logout endpoint specified called global_logout and that doesn't require the additional params however this plugin doesn't yet have an option to pick a custom logout endpoint.
I'm not sure yet if this is OAM non-standard but we seem to also get issues with keycloak. It does seem to be part of the standard though - https://support.okta.com/help/s/article/the-purpose-of-id-token-hint-in-the-logout-api-and-how-does-it-affect-the-single-logout-process?language=en_US
With OAM at least you first need to turn off legacy return url option. this will ensure
client_id`` andpost_logout_redirect_uriare passed to the logout endpoint. However for OAM at least it also requiresid_token_hintandstate```.For this particular OAM there is an alternative logout endpoint specified called
global_logoutand that doesn't require the additional params however this plugin doesn't yet have an option to pick a custom logout endpoint.