Skip to content

Backchannel logout fails when APIM is configured as the primary IDP #4019

New issue
New issue
Closed
Closed
Backchannel logout fails when APIM is configured as the primary IDP#4019
Assignees
nimsara66
Labels
4.6.0-M1Label for Milestone One Release of API Manager 4.6.0Affected/APIM-4.4.0Issues affecting APIM 4.4.0Component/APIMType/Bug
Milestone
4.6.0-M1
@dinuka10

Description

@dinuka10
dinuka10
opened on Jul 8, 2025

Description

The issue occurs when the setup is configured according to the [1] documentation—instead of IS , configure APIM as the Primary IDP and another IS as the Federated IDP. When logging out from the application, a backchannel logout request is sent from the IS to the APIM.

However, when this request is triggered, the APIM logs display the following error:

[2025-07-01 14:30:19,899] ERROR - IdentityServlet Failed to process IdentityRequest
java.lang.ClassCastException: class com.nimbusds.jose.shaded.gson.internal.LinkedTreeMap cannot be cast to class net.minidev.json.JSONObject (com.nimbusds.jose.shaded.gson.internal.LinkedTreeMap is in unnamed module of loader org.eclipse.osgi.internal.loader.EquinoxClassLoader @714f9696; net.minidev.json.JSONObject is in unnamed module of loader org.eclipse.osgi.internal.loader.EquinoxClassLoader @63cb6f15)
	at org.wso2.carbon.identity.application.authenticator.oidc.logout.idpinit.processor.FederatedIdpInitLogoutProcessor.validateLogoutToken(FederatedIdpInitLogoutProcessor.java:275) ~[org.wso2.carbon.identity.application.authenticator.oidc_5.11.34.2.jar:?]
	at org.wso2.carbon.identity.application.authenticator.oidc.logout.idpinit.processor.FederatedIdpInitLogoutProcessor.doBackChannelLogout(FederatedIdpInitLogoutProcessor.java:143) ~[org.wso2.carbon.identity.application.authenticator.oidc_5.11.34.2.jar:?]
	at org.wso2.carbon.identity.application.authenticator.oidc.logout.idpinit.processor.FederatedIdpInitLogoutProcessor.handleOIDCFederatedLogoutRequest(FederatedIdpInitLogoutProcessor.java:118) ~[org.wso2.carbon.identity.application.authenticator.oidc_5.11.34.2.jar:?]
	at org.wso2.carbon.identity.application.authenticator.oidc.logout.idpinit.processor.FederatedIdpInitLogoutProcessor.process(FederatedIdpInitLogoutProcessor.java:87) ~[org.wso2.carbon.identity.application.authenticator.oidc_5.11.34.2.jar:?]
	at org.wso2.carbon.identity.application.authentication.framework.inbound.IdentityProcessCoordinator.process(IdentityProcessCoordinator.java:42) ~[org.wso2.carbon.identity.application.authentication.framework_5.25.713.3.jar:?]
	at org.wso2.carbon.identity.application.authentication.framework.inbound.IdentityServlet.process(IdentityServlet.java:95) ~[org.wso2.carbon.identity.application.authentication.framework_5.25.713.3.jar:?]
	at org.wso2.carbon.identity.application.authentication.framework.inbound.IdentityServlet.service(IdentityServlet.java:51) ~[org.wso2.carbon.identity.application.authentication.framework_5.25.713.3.jar:?]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:623) ~[tomcat-servlet-api_9.0.105.wso2v1.jar:?]
	at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37) ~[org.eclipse.equinox.http.helper_1.1.0.wso2v1.jar:?]
	at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61) ~[?:?]
	at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128) ~[?:?]
	at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68) ~[?:?]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:623) ~[tomcat-servlet-api_9.0.105.wso2v1.jar:?]
	at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68) ~[org.wso2.carbon.tomcat.ext_4.9.27.5.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:199) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:72) ~[csrfguard_3.1.0.wso2v4.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:129) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:65) ~[org.wso2.carbon.tomcat.ext_4.9.27.5.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:129) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:119) ~[org.wso2.carbon.identity.context.rewrite.valve_1.8.41.jar:?]
	at org.wso2.carbon.identity.context.rewrite.valve.OrganizationContextRewriteValve.invoke(OrganizationContextRewriteValve.java:115) ~[org.wso2.carbon.identity.context.rewrite.valve_1.8.41.jar:?]
	at org.wso2.carbon.tomcat.ext.valves.SameSiteCookieValve.invoke(SameSiteCookieValve.java:38) ~[org.wso2.carbon.tomcat.ext_4.9.27.5.jar:?]
	at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:167) ~[org.wso2.carbon.identity.authz.valve_1.8.41.jar:?]
	at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:118) ~[org.wso2.carbon.identity.auth.valve_1.8.41.jar:?]
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:105) ~[org.wso2.carbon.tomcat.ext_4.9.27.5.jar:?]
	at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:49) ~[org.wso2.carbon.tomcat.ext_4.9.27.5.jar:?]
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:68) ~[org.wso2.carbon.tomcat.ext_4.9.27.5.jar:?]
	at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:152) ~[org.wso2.carbon.tomcat.ext_4.9.27.5.jar:?]
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:656) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:63) ~[org.wso2.carbon.tomcat.ext_4.9.27.5.jar:?]
	at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:137) ~[org.wso2.carbon.tomcat.ext_4.9.27.5.jar:?]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:346) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:397) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:935) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1792) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1189) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:658) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63) ~[tomcat_9.0.105.wso2v1.jar:?]
	at java.lang.Thread.run(Thread.java:829) [?:?]
[2025-07-01 14:30:19,900] ERROR - [bridgeservlet] Servlet.service() for servlet [bridgeservlet] in context with path [/] threw exception
org.wso2.carbon.identity.application.authentication.framework.inbound.FrameworkRuntimeException: java.lang.ClassCastException: class com.nimbusds.jose.shaded.gson.internal.LinkedTreeMap cannot be cast to class net.minidev.json.JSONObject (com.nimbusds.jose.shaded.gson.internal.LinkedTreeMap is in unnamed module of loader org.eclipse.osgi.internal.loader.EquinoxClassLoader @714f9696; net.minidev.json.JSONObject is in unnamed module of loader org.eclipse.osgi.internal.loader.EquinoxClassLoader @63cb6f15)
	at org.wso2.carbon.identity.application.authentication.framework.inbound.FrameworkRuntimeException.error(FrameworkRuntimeException.java:41) ~[org.wso2.carbon.identity.application.authentication.framework_5.25.713.3.jar:?]
	at org.wso2.carbon.identity.application.authentication.framework.inbound.IdentityServlet.getIdentityResponseFactory(IdentityServlet.java:253) ~[org.wso2.carbon.identity.application.authentication.framework_5.25.713.3.jar:?]
	at org.wso2.carbon.identity.application.authentication.framework.inbound.IdentityServlet.process(IdentityServlet.java:131) ~[org.wso2.carbon.identity.application.authentication.framework_5.25.713.3.jar:?]
	at org.wso2.carbon.identity.application.authentication.framework.inbound.IdentityServlet.service(IdentityServlet.java:51) ~[org.wso2.carbon.identity.application.authentication.framework_5.25.713.3.jar:?]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:623) ~[tomcat-servlet-api_9.0.105.wso2v1.jar:?]
	at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37) ~[org.eclipse.equinox.http.helper_1.1.0.wso2v1.jar:?]
	at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61) ~[?:?]
	at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128) ~[?:?]
	at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68) ~[?:?]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:623) ~[tomcat-servlet-api_9.0.105.wso2v1.jar:?]
	at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68) ~[org.wso2.carbon.tomcat.ext_4.9.27.5.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:199) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:72) ~[csrfguard_3.1.0.wso2v4.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:129) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:65) ~[org.wso2.carbon.tomcat.ext_4.9.27.5.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:129) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:119) ~[org.wso2.carbon.identity.context.rewrite.valve_1.8.41.jar:?]
	at org.wso2.carbon.identity.context.rewrite.valve.OrganizationContextRewriteValve.invoke(OrganizationContextRewriteValve.java:115) ~[org.wso2.carbon.identity.context.rewrite.valve_1.8.41.jar:?]
	at org.wso2.carbon.tomcat.ext.valves.SameSiteCookieValve.invoke(SameSiteCookieValve.java:38) ~[org.wso2.carbon.tomcat.ext_4.9.27.5.jar:?]
	at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:167) ~[org.wso2.carbon.identity.authz.valve_1.8.41.jar:?]
	at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:118) ~[org.wso2.carbon.identity.auth.valve_1.8.41.jar:?]
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:105) ~[org.wso2.carbon.tomcat.ext_4.9.27.5.jar:?]
	at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:49) ~[org.wso2.carbon.tomcat.ext_4.9.27.5.jar:?]
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:68) ~[org.wso2.carbon.tomcat.ext_4.9.27.5.jar:?]
	at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:152) ~[org.wso2.carbon.tomcat.ext_4.9.27.5.jar:?]
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:656) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:63) ~[org.wso2.carbon.tomcat.ext_4.9.27.5.jar:?]
	at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:137) ~[org.wso2.carbon.tomcat.ext_4.9.27.5.jar:?]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:346) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:397) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:935) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1792) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1189) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:658) ~[tomcat_9.0.105.wso2v1.jar:?]
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63) ~[tomcat_9.0.105.wso2v1.jar:?]
	at java.lang.Thread.run(Thread.java:829) [?:?]
Caused by: java.lang.ClassCastException: class com.nimbusds.jose.shaded.gson.internal.LinkedTreeMap cannot be cast to class net.minidev.json.JSONObject (com.nimbusds.jose.shaded.gson.internal.LinkedTreeMap is in unnamed module of loader org.eclipse.osgi.internal.loader.EquinoxClassLoader @714f9696; net.minidev.json.JSONObject is in unnamed module of loader org.eclipse.osgi.internal.loader.EquinoxClassLoader @63cb6f15)
	at org.wso2.carbon.identity.application.authenticator.oidc.logout.idpinit.processor.FederatedIdpInitLogoutProcessor.validateLogoutToken(FederatedIdpInitLogoutProcessor.java:275) ~[org.wso2.carbon.identity.application.authenticator.oidc_5.11.34.2.jar:?]
	at org.wso2.carbon.identity.application.authenticator.oidc.logout.idpinit.processor.FederatedIdpInitLogoutProcessor.doBackChannelLogout(FederatedIdpInitLogoutProcessor.java:143) ~[org.wso2.carbon.identity.application.authenticator.oidc_5.11.34.2.jar:?]
	at org.wso2.carbon.identity.application.authenticator.oidc.logout.idpinit.processor.FederatedIdpInitLogoutProcessor.handleOIDCFederatedLogoutRequest(FederatedIdpInitLogoutProcessor.java:118) ~[org.wso2.carbon.identity.application.authenticator.oidc_5.11.34.2.jar:?]
	at org.wso2.carbon.identity.application.authenticator.oidc.logout.idpinit.processor.FederatedIdpInitLogoutProcessor.process(FederatedIdpInitLogoutProcessor.java:87) ~[org.wso2.carbon.identity.application.authenticator.oidc_5.11.34.2.jar:?]
	at org.wso2.carbon.identity.application.authentication.framework.inbound.IdentityProcessCoordinator.process(IdentityProcessCoordinator.java:42) ~[org.wso2.carbon.identity.application.authentication.framework_5.25.713.3.jar:?]
	at org.wso2.carbon.identity.application.authentication.framework.inbound.IdentityServlet.process(IdentityServlet.java:95) ~[org.wso2.carbon.identity.application.authentication.framework_5.25.713.3.jar:?]
	... 53 more

In the IS logs, it can be observed that the backchannel logout request receives a 500 Internal Server Error, as shown below.

[2025-07-01 14:30:19,901] [91cbbabe-ed8b-4247-aeb3-21b7bef58d87] DEBUG {org.wso2.carbon.identity.oidc.session.backchannellogout.LogoutRequestSender} - Backchannel logout response: HTTP/1.1 500

[1] https://is.docs.wso2.com/en/latest/guides/authentication/oidc/oidc-federated-idp-initiated-logout/#configure-oidc-federated-idp-initiated-logout

Steps to Reproduce

Follow steps in [1] replacing primary IDP with API-M 4.4.0

[1] https://is.docs.wso2.com/en/latest/guides/authentication/oidc/oidc-federated-idp-initiated-logout/#configure-oidc-federated-idp-initiated-logout

Version

APIM 4.4.0

Environment Details (with versions)

No response

Metadata

Metadata

Assignees

Labels

4.6.0-M1Label for Milestone One Release of API Manager 4.6.0Affected/APIM-4.4.0Issues affecting APIM 4.4.0Component/APIMType/Bug

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions