I want to kill the WSO2 Identity Server user session from my application (SP) logout button. Is there any endpoint to do that? Is it possible to do?
1 Answer
2
You can use the session management REST API in WSO2 IS.
Refer to: https://is.docs.wso2.com/en/latest/develop/session-mgt-rest-api/

Anuradha Karunarathna
-
"https://localhost:9443/t/carbon.super/api/users/v1/me/sessions" Is there any issue with the above endpoint? The session is not deleted even though a 204 response comes. – shakila sameera Mar 26 '21 at 18:21
-
Before deleting the sessions, did you check the GET request and whether there are any active sessions? Since DELETE is defined to be idempotent, it returns 204 even when there are no active sessions to delete. Once you confirm that you have active sessions but they don't get deleted properly, check whether there are any carbon error logs in the terminal. To verify that the endpoint works properly, go to the security section of myaccount `https://localhost:9443/myaccount/security` and try out the terminate all Active Sessions option with an open network tab in the browser. – Anuradha Karunarathna Mar 27 '21 at 03:02
-
Yes, when I invoke the GET request it gives me "{}" empty string. What could be the reason for getting empty sessions? When I go to the security tab and terminate all, it terminates all sessions from the UI. Where could the missing part be for me? Here is my endpoint "https://localhost:9443/t/carbon.super/api/users/v1/me/sessions". Am I missing any configuration in the admin console? – shakila sameera Mar 27 '21 at 07:52
-
Is there any possibility that the WSO2IS version I use does not support this? My server version is "5.12.0-m12". – shakila sameera Mar 28 '21 at 17:31
-
I figured this out. The problem was that the username and password I passed were wrong. Thank you. – shakila sameera Mar 29 '21 at 13:16
-
I am passing the right username and password but still getting empty {} in response, is there anything else that needs to be checked? WSOIS version 5.11.0 – Swarn Singh Jan 18 '23 at 11:08
-
My oidc-client config looks like this ```{ authority: 'authority', client_id: 'client_id', silent_redirect_uri: `${window.location.origin}/callback`, redirect_uri: `${window.location.origin}/callback`, post_logout_redirect_uri: `${window.location.origin}/callback`, response_type: 'id_token token', scope: 'openid profile', extraQueryParams: { navigateToLoginRequestUrl: true }, automaticSilentRenew: true, accessTokenExpiringNotificationTime: 1800 }``` – Swarn Singh Jan 18 '23 at 11:36
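
The check-then-delete sequence suggested in the comments above, as an added example (not part of the original thread and not WSO2's code): it lists the sessions, sends DELETE only if some exist, and lists again to confirm, so a bare 204 is never taken as proof of termination. The `sessions` response key, HTTP Basic authentication, the optional CA file and the helper names are assumptions.

```python
import base64
import json
import ssl
import urllib.request

# Endpoint quoted in the thread (host and tenant are the asker's values).
SESSIONS_URL = "https://localhost:9443/t/carbon.super/api/users/v1/me/sessions"

def basic_auth_call(username, password, cafile=None):
    """Build call(method) -> (status, body) using HTTP Basic auth (assumed).

    cafile: PEM file with the server's CA, for a self-signed test instance.
    """
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    ctx = ssl.create_default_context(cafile=cafile)  # keeps TLS verification on
    headers = {"Authorization": f"Basic {token}", "Accept": "application/json"}

    def call(method):
        req = urllib.request.Request(SESSIONS_URL, method=method, headers=headers)
        # urlopen raises HTTPError on 4xx/5xx, so a rejected login is not silent.
        with urllib.request.urlopen(req, context=ctx) as resp:
            return resp.status, resp.read().decode()
    return call

def active_sessions(call):
    """Return the caller's sessions; an empty body or "{}" means none visible."""
    _, body = call("GET")
    data = json.loads(body) if body.strip() else {}
    return data.get("sessions", [])  # "sessions" key is an assumption

def terminate_all(call):
    """GET, DELETE, GET again. Returns (outcome, count_before, count_after)."""
    before = active_sessions(call)
    if not before:
        # DELETE is idempotent and would still answer 204 here; an empty list
        # points at the identity being used, not at the DELETE call.
        return ("nothing-to-delete", 0, 0)
    status, _ = call("DELETE")
    after = active_sessions(call)
    if status == 204 and not after:
        return ("terminated", len(before), 0)
    return ("not-terminated", len(before), len(after))

# Usage against a running server (placeholders, not real credentials):
#   print(terminate_all(basic_auth_call("<username>", "<password>", "<ca.pem>")))
```
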