Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-32360

Fix logout URI with Keycloak

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2023.0
    • Fix Version/s: 2023.10
    • Component/s: Authentication
    • Release Notes Summary:
      Keycloak now logs out without needing confirmation.
    • Tags:
    • Backlog priority:
      700
    • Sprint:
      nxplatform #109, nxplatform #110
    • Story Points:
      3

      Description

      Currently the logout URI uses the parameter "redirect_uri", for example

      http://localhost:8087/realms/barmig/protocol/openid-connect/logout?redirect_uri=http://localhost:8080/nuxeo/ui/

      => it throws an error "Invalid parameter: redirect_uri"

      The parameter "post_logout_redirect_uri" should be used instead of "redirect_uri". Besides that another parameter must be added to the logout URI :

      • either "client_id" set to the keycloak realm => in this case, the customer is asked to confirm the logout
      • either "id_token_hint" (better solution) => in this case, the logout is automatic

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: