Question about single sign out with Identity Server 3 hybrid flow

[cstrijkert]

Hi,

I've problems with single sign out for Identity Server 3. I don't understand what i'm doing wrong.
With the current configuration the 'IFrameUrls' collection on the loggedOut page is never displaying any logout endpoint of active clients.

I did the following already:

• Logout URI on the clients
• Adding the id_token to the 'n.ProtocolMessage.IdTokenHint' on LogoutRequest
• Logout by firing the code 'Request.GetOwinContext().Authentication.SignOut();'

When logging out I see the following log:

2017-12-08 09:47:12.206 +01:00 [Information] "End session request validation success"
"{
  "ClientId": "{id of client}",
  "ClientName": "{name of client}",
  "SubjectId": "00b8309b-c4a9-e711-80f6-1458d04316b0",
  "PostLogOutUri": "{url}",
  "Raw": {
    "post_logout_redirect_uri": "{url}",
    "id_token_hint\": \eyJ0eXAi....pOoGEQ"
  }
}

The 'ClientID' of above log is the right ID. But when I enable the 'signoutprompt' on Identity Server I see the wrong client. For example:
I have clients A and B. When I want to logout from client A, I was redirected to the Identity Server logout page, but that page is telling me that I'm logging out client B. How that's possible? The above log displays the correct clientId however.

On the _loggedOut.html page I added code that displays all IFrameUrls to check which client enpoints are called and I saw that there was always the same URL and no client signout URL was called.

{authority_ur}/identity/connect/endsessioncallback?sid=d222611e4ab77858a921778695784d6f

The problems are on DEV environment with no SSL enabled on IDserver. The DEV clients are running on SSL already.

So, whats missing or wrong? Are there other settings on Identity Server that are in conflict with single sign out?