OIDC User Sessions Spec

Are there any plans to update AMs implementation of OIDC user session management to the latest finalized spec? It looks like AM 7.3 currently implements Draft 5 and Draft 10 of the specification -


The specification has now been finalized, and does bring a few changes. In particular, the latest specification requires that a session_state parameter be provided in the authentication response. Many of the OIDC RP implementations that I’ve looked through that support session management look for that parameter in the response to indicate if session management is supported.

(latest spec) - Final: OpenID Connect Session Management 1.0

Hi sdonnel,

Thank you for your inquiry. We currently implement and support the back-channel component.

As for the other session management pieces, such as RP-initiated or Front-Channel logout, we are actively tracking their progress in our Jira system. To stay informed about the development progress of these session management features, we recommend raising a support ticket. This will provide you with the capability to track Jira updates through our system, ensuring that you are always up-to-date. Our support team is also ready to assist you with any additional details you may require.

Please let me know if you have any questions.

Thank you and best regards,