Add warning section

rabbitmq · Apr 26, 2024 · 91faf0e · 91faf0e
1 parent 4f5b7f7
commit 91faf0e
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/docs/management/index.md b/docs/management/index.md
@@ -430,6 +430,10 @@ specification to logout users from the management UI and from the OAuth Provider
   2. If the [OpenId Connect Discovery endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest) returns an `end_session_endpoint`, the management UI sends a logout request to that endpoint to close the user's session in the OAuth Provider. When the request completes, the user is also logged out from the management ui.
   3. If there is no `end_session_endpoint` returned, then the user is only logged out from the management UI.
 
+:::warning
+RabbitMQ 3.13.1 and earlier versions require the [OpenId Connect Discovery endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest) return `end_session_endpoint` otherwise OAuth 2.0 authentication will work. 
+:::
+
 There are other two additional scenarios which can trigger a logout. One scenario occurs when the OAuth Token expires. Although RabbitMQ renews the token in the background before it expires, if the token expires, the user is logged out.
 The second scenario is when the management UI session exceeds the maximum allowed time configured on the [Login Session Timeout](#login-session-timeout).
 

diff --git a/versioned_docs/version-3.13/management/index.md b/versioned_docs/version-3.13/management/index.md
@@ -430,6 +430,10 @@ specification to logout users from the management UI and from the OAuth Provider
   2. If the [OpenId Connect Discovery endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest) returns an `end_session_endpoint`, the management UI sends a logout request to that endpoint to close the user's session in the OAuth Provider. When the request completes, the user is also logged out from the management ui.
   3. If there is no `end_session_endpoint` returned, then the user is only logged out from the management UI.
 
+:::warning
+RabbitMQ 3.13.1 and earlier versions require the [OpenId Connect Discovery endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest) return `end_session_endpoint` otherwise OAuth 2.0 authentication will work. 
+:::
+
 There are other two additional scenarios which can trigger a logout. One scenario occurs when the OAuth Token expires. Although RabbitMQ renews the token in the background before it expires, if the token expires, the user is logged out.
 The second scenario is when the management UI session exceeds the maximum allowed time configured on the [Login Session Timeout](#login-session-timeout).