Problem statement
When adding multiple URLs to the “Allowed Logout URLs” and trying to log out from an application, the application does not give the correct redirect; it only gives the first URL in the list.
Solution
When redirecting a user to the logout endpoint via the application, only a returnTo
parameter can be specified which is the URL to redirect the user to after logout. The URL specified needs to be a URL that is listed in the allowed Logout URLs.
If the returnTo
parameter is not specified then the user will be redirected to the first allowed logout URL which is expected behavior.