diff --git a/release_notes/index.adoc b/release_notes/index.adoc index acdf26f207..2375ee1879 100644 --- a/release_notes/index.adoc +++ b/release_notes/index.adoc @@ -13,6 +13,9 @@ include::topics/templates/document-attributes-community.adoc[] :release_header_latest_link: {releasenotes_link_latest} include::topics/templates/release-header.adoc[] +== {project_name_full} 16.0.0 +include::topics/16_0_0.adoc[leveloffset=2] + == {project_name_full} 15.0.1 include::topics/15_0_1.adoc[leveloffset=2] diff --git a/release_notes/topics/16_0_0.adoc b/release_notes/topics/16_0_0.adoc new file mode 100644 index 0000000000..fac5b3097a --- /dev/null +++ b/release_notes/topics/16_0_0.adoc @@ -0,0 +1,9 @@ += Highlights + +== OpenID Connect Front-Channel Logout Support + +{project_name} now supports https://openid.net/specs/openid-connect-frontchannel-1_0.html[OpenID Connect Front-Channel Logout 1.0]. + +For more details, take a look at link:{adminguide_link}#_oidc-logout[{adminguide_name}]. + +Thanks to https://github.com/rhyamada[Ronaldo Yamada] for the contribution. \ No newline at end of file diff --git a/server_admin/topics/clients/oidc/con-basic-settings.adoc b/server_admin/topics/clients/oidc/con-basic-settings.adoc index 57c3f06bc8..1e41a91984 100644 --- a/server_admin/topics/clients/oidc/con-basic-settings.adoc +++ b/server_admin/topics/clients/oidc/con-basic-settings.adoc @@ -46,6 +46,7 @@ Exclusive redirect URL patterns are typically more secure. See xref:unspecific- *Base URL*:: This URL is used when {project_name} needs to link to the client. +[[_admin-url]] *Admin URL*:: Callback endpoint for a client. The server uses this URL to make callbacks like pushing revocation policies, performing backchannel logout, and other administrative operations. For {project_name} servlet adapters, this URL can be the root URL of the servlet application. For more information, see link:{adapterguide_link}[{adapterguide_name}]. 
@@ -56,3 +57,11 @@ If browser JavaScript attempts an AJAX HTTP request to a server whose domain is JavaScript code came from, the request must use CORS. The server must handle CORS requests, otherwise the browser will not display or allow the request to be processed. This protocol protects against XSS, CSRF, and other JavaScript-based attacks. + Domain URLs listed here are embedded within the access token sent to the client application. The client application uses this information to decide whether to allow a CORS request to be invoked on it. Only {project_name} client adapters support this feature. See link:{adapterguide_link}[{adapterguide_name}] for more information. + +[[_front-channel-logout]] +*Front Channel Logout*:: If *Front Channel Logout* is enabled, the application should be able to log out users through the front channel as per link:https://openid.net/specs/openid-connect-frontchannel-1_0.html[OpenID Connect Front-Channel Logout] specification. If enabled, you should also provide the `Front-Channel Logout URL`. + +*Front-Channel Logout URL*:: URL that will be used by {project_name} to send logout requests to clients through the front-channel. + +[[_back-channel-logout-url]] +*Backchannel Logout URL*:: URL that will cause the client to log itself out when a logout request is sent to this realm (via end_session_endpoint). If omitted, no logout requests are sent to the client. diff --git a/server_admin/topics/sso-protocols/con-oidc-auth-flows.adoc b/server_admin/topics/sso-protocols/con-oidc-auth-flows.adoc index 18b9ce5ecc..810b878504 100644 --- a/server_admin/topics/sso-protocols/con-oidc-auth-flows.adoc +++ b/server_admin/topics/sso-protocols/con-oidc-auth-flows.adoc 
@@ -317,9 +317,29 @@ When the session is terminated at {project_name} the application will notice and ===== Frontchannel Logout -This is also a browser-based logout. In contrast to the Session Managment based logout approach {project_name} will send logout -requests to the clients. Applications or clients need to have a frontchannel logout URL registered at {project_name}. -After triggering a logout at {project_name}, it will send logout requests to these registered URLs that will terminate the client sessions. +This is also a browser-based logout where the logout starts by redirecting the user to a specific endpoint at {project_name}. + +Once the user is redirected to the logout endpoint, {project_name} is going to send logout requests to +clients to let them to invalidate their local user sessions, and potentially redirect the user to some URL +once the logout process is finished. + +Depending on the client configuration, logout requests can be sent to clients through the front-channel or through the back-channel. + +To configure clients to receive logout requests through the front-channel, look at the <<_front-channel-logout, Front-Channel Logout>> client setting. When using this method, consider the following: + +* Logout requests sent by {project_name} to clients rely on the browser and on embedded `iframes` that are rendered for the logout page. +* By being based on `iframes`, front-channel logout might be impacted by Content Security Policies (CSP) and logout requests might be blocked. +* If the user closes the browser prior to rendering the logout page or before logout requests are actually sent to clients, their sessions at +the client might not be invalidated. + +[NOTE] +==== +Consider using Back-Channel Logout as it provides a more reliable and secure approach to log out users and terminate their sessions +on the clients. 
+==== + +If the client is not enabled with front-channel logout, then {project_name} is going to try first to send logout requests through the back-channel +using the <<_back-channel-logout-url, Back-Channel Logout URL>>. If not defined, the server is going to fall back to using the <<_admin-url, Admin URL>>. ===== Backchannel Logout diff --git a/server_admin/topics/sso-protocols/oidc.adoc b/server_admin/topics/sso-protocols/oidc.adoc index 10d52fff8b..d05abb4f66 100644 --- a/server_admin/topics/sso-protocols/oidc.adoc +++ b/server_admin/topics/sso-protocols/oidc.adoc 
@@ -338,11 +338,31 @@ Again since all of this is described in the OIDC specification we will only give This is a browser-based logout. The application obtains session status information from {project_name} at a regular basis. When the session is terminated at {project_name} the application will notice and trigger it's own logout. -===== Frontchannel Logout +===== Front-Channel Logout -This is also a browser-based logout. In contrast to the Session Managment based logout approach {project_name} will send logout -requests to the clients. Applications or clients need to have a frontchannel logout URL registered at {project_name}. -After triggering a logout at {project_name}, it will send logout requests to these registered URLs that will terminate the client sessions. +This is also a browser-based logout where the logout starts by redirecting the user to a specific endpoint at {project_name}. + +Once the user is redirected to the logout endpoint, {project_name} is going to send logout requests to +clients to let them to invalidate their local user sessions, and potentially redirect the user to some URL +once the logout process is finished. + +Depending on the client configuration, logout requests can be sent to clients through the front-channel or through the back-channel. + +To configure clients to receive logout requests through the front-channel, look at the <<_front-channel-logout, Front-Channel Logout>> client setting. When using this method, consider the following: + +* Logout requests sent by {project_name} to clients rely on the browser and on embedded `iframes` that are rendered for the logout page. +* By being based on `iframes`, front-channel logout might be impacted by Content Security Policies (CSP) and logout requests might be blocked. +* If the user closes the browser prior to rendering the logout page or before logout requests are actually sent to clients, their sessions at +the client might not be invalidated. 
+ +[NOTE] +==== +Consider using Back-Channel Logout as it provides a more reliable and secure approach to log out users and terminate their sessions +on the clients. +==== + +If the client is not enabled with front-channel logout, then {project_name} is going to try first to send logout requests through the back-channel +using the <<_back-channel-logout-url, Back-Channel Logout URL>>. If not defined, the server is going to fall back to using the <<_admin-url, Admin URL>>. ===== Backchannel Logout
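Review bot: the new file release_notes/topics/16_0_0.adoc is missing its trailing newline ("\ No newline at end of file" in the hunk); add one so the topic matches the other release-note topic files and concatenates cleanly when included from index.adoc with leveloffset=2. The note itself only links to the admin guide section; one sentence saying that the feature is a per-client setting (*Front Channel Logout* plus *Front-Channel Logout URL* in the client's basic settings, as documented in the con-basic-settings.adoc hunk) would tell readers where to find the switch without having to follow the link.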
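Review bot: the *Backchannel Logout URL* description in con-basic-settings.adoc ("If omitted, no logout requests are sent to the client") contradicts the new paragraph in con-oidc-auth-flows.adoc and oidc.adoc, which says that when the Back-Channel Logout URL is not defined the server falls back to the <<_admin-url, Admin URL>>; pick one behaviour and state it in both places, e.g. "If omitted, {project_name} falls back to the <<_admin-url, Admin URL>>; if neither is set, no logout request is sent." The setting names in the same hunk are also inconsistent: the attribute is titled *Front Channel Logout* while the text refers to `Front-Channel Logout URL` and the next entry is *Front-Channel Logout URL*; use the hyphenated form throughout. Finally, the *Front-Channel Logout URL* entry says only that {project_name} "will use" it; since this URL is loaded inside the user's browser as part of the logout page, document whether it must be absolute, whether it is validated when saved, and what the request carries, so an administrator can judge the consequences of a mistyped or attacker-influenced value.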
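Review bot: grammar in the second added paragraph of con-oidc-auth-flows.adoc: "to let them to invalidate their local user sessions" should read "to let them invalidate their local user sessions", and "is going to send" / "is going to try first" read better as "sends" / "first tries". The NOTE recommends Back-Channel Logout as "more reliable and secure" without giving the reason; tie it to the bullets immediately above (a back-channel request is server-to-server, so it is not blocked by a Content Security Policy and does not depend on the user keeping the browser open until the iframes render). The heading in this file stays "===== Frontchannel Logout" while the same text in oidc.adoc renames it to "===== Front-Channel Logout"; settle on one spelling in both files, and the unchanged "===== Backchannel Logout" heading that follows should then match it.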
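Review bot: the oidc.adoc hunk is a verbatim copy of the paragraphs, bullet list and NOTE added to con-oidc-auth-flows.adoc, and the two copies already differ in the section heading ("Front-Channel Logout" here, "Frontchannel Logout" there); duplicated text like this drifts on the next edit. Move the shared text into its own topic file and include:: it from both locations, which is the pattern release_notes/index.adoc already uses for its topics. The same wording fixes apply to this copy ("to let them to invalidate", "is going to send", "is going to try first").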