Minor OIDC doc updates

docs/src/main/asciidoc/security-openid-connect-web-authentication.adoc

@@ -173,6 +173,8 @@ The user will be returned to the endpoint post logout page once the logout has b
 
 If the `quarkus.oidc.logout.post-logout-path` is set then a `q_post_logout` cookie will be created and a matching `state` query parameter will be added to the logout redirect URI and the OpenID Connect Provider will return this `state` once the logout has been completed. It is recommended for the Quarkus `web-app` applications to check that a `state` query parameter matches the value of the `q_post_logout` cookie which can be done for example in a JAX-RS filter.
 
+Note that a cookie name will vary when using link:security-openid-connect-multitenancy[OpenID Connect Multi-Tenancy]. For example, it will be named `q_post_logout_tenant_1` for a tenant with a `tenant_1` id, etc.
+
 == Accessing ID and Access Tokens
 
 ID Token is always a JWT token. One can access ID Token claims by injecting `JsonWebToken` with an `IdToken` qualifier:

extensions/oidc/runtime/src/main/java/io/quarkus/oidc/OidcTenantConfig.java

@@ -40,7 +40,7 @@ public class OidcTenantConfig {
 
     /**
      * The base URL of the OpenID Connect (OIDC) server, for example, 'https://host:port/auth'.
-     * All the other OIDC server page and service URLs are derived from this URL.
+     * OIDC discovery endpoint will be called by appending a '/.well-known/openid-configuration' path segment to this URL.
      * Note if you work with Keycloak OIDC server, make sure the base URL is in the following format:
      * 'https://host:port/auth/realms/{realm}' where '{realm}' has to be replaced by the name of the Keycloak realm.
      */