Support OpenID Connect Back-Channel Logout

[codependent]

Summary

I'm using an OIDC Provider that supports OIDC Back-channel Logout Spec. However the current version of Spring Security doesn't implement this functionality.

Actual Behavior

There's no way to have single sign out.

Expected Behavior

Single sign out from all RPs in which the user has authenticated with SSO.

Configuration

---

Version

5.2

[ThomasVitale]

@jgrandja is there any plan for this task? From January, I'll be available to help with it, if needed.

[jgrandja]

@ThomasVitale I haven't planned this for 5.5 and since RC1 is Feb 3 it might be tight.

Either way, if you're still interested on working on this we can see how the timing goes and always fallback to 5.6. Thoughts?

[ThomasVitale]

@jgrandja I also think that hitting RC1 for 5.5 might be tight. But I'm still interested and I can start working on it right away. Do you have any pointers or should I start drafting some design ideas first?

[jgrandja]

@ThomasVitale Apologies for the delayed response.

Let's plan on getting this in for the release after 5.5, so there is no pressure on rushing for this.

Do you have any pointers or should I start drafting some design ideas first?

I haven't really given it much thought so I think starting to draft some design ideas makes a lot of sense.

Thanks!