Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-32360

Fix logout URI with Keycloak

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2023.0
    • Fix Version/s: 2023.10
    • Component/s: Authentication
    • Release Notes Summary:
      Keycloak now logs out without needing confirmation.
    • Tags:
    • Backlog priority:
      700
    • Sprint:
      nxplatform #109, nxplatform #110
    • Story Points:
      3

      Description

      Currently the logout URI uses the parameter "redirect_uri", for example

      http://localhost:8087/realms/barmig/protocol/openid-connect/logout?redirect_uri=http://localhost:8080/nuxeo/ui/

      => it throws an error "Invalid parameter: redirect_uri"

      The parameter "post_logout_redirect_uri" should be used instead of "redirect_uri". Besides that another parameter must be added to the logout URI :

      • either "client_id" set to the keycloak realm => in this case, the customer is asked to confirm the logout
      • either "id_token_hint" (better solution) => in this case, the logout is automatic

        Attachments

          Issue Links

          causes

          Bug - A problem which impairs or prevents the functions of the product. NXP-32889 Fix Keycloak logout URI after multiple calls

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: