The Connect2id server obtains OpenID Connect logout certification
The OpenID Foundation recently extended its certification suite with tests for the three OpenID Connect specifications for managing sessions and letting a relying party (RP) receive logout notifications:
OpenID Connect Session Management 1.0 (draft 28) -- a simple front-end mechanism for an RP to detect changes of user session state at the OpenID provider by means of HTML5 postMessage polling. Also defines an optional OpenID provider endpoint where the end-user can be sent with a logout request.
OpenID Connect Front-Channel Logout 1.0 (draft 02) -- lets an RP to subscribe to and receive logout notification via a front-end call.
OpenID Connect Back-Channel Logout 1.0 (draft 04) -- lets an RP can subscribe to and receive logout notifications (encoded in a JWT) via a back-end call.
With the new tests in place we took the opportunity to certify the implemented logout functions of the Connect2id server, which have been in place for several years now.
The test logs were submitted on the 15th of December 2019 and can be viewed on the OpenID certifications page.
We would like to thank Filip Skokan, Roland Hedberg, Mike Jones and the rest of the team at the OpenID Foundation for taking care of the certification program and adding new useful tests over the years.