We are using OpenID Connect for authentication with idp.wmcloud.org on https://catalyst.wmcloud.org/. When we log out, we do see a request to the OpenID Connect logout endpoint (https://idp.wmcloud.org/oidc/oidcLogout, which we see indicated at https://idp.wmcloud.org/oidc/.well-known/openid-configuration), and we are redirected back to the login page. But, if we attempt to log in again, we are usually still logged in to the IdP, so are immediately redirected back to the web site in a logged in state.
Also, if we visit the OpenID Connect logout endpoint directly in our browser, it does say we are logged out of the IdP, but we are still not actually logged out (but I'm not sure if that's a good test).
Is it possible to coordinate to check the logs to see what is happening on the IdP side?
We're also seeing some odd interaction between idp.wmcloud.org and idp.wikimedia.org. If I visit https://idp.wmcloud.org/ and login and then click the logout link, which takes me to https://idp.wmcloud.org/logout, I am then redirected to https://idp.wikimedia.org/logout. I'm not sure if this is significant.