W Chang created NIFI-7584:
-----------------------------

             Summary: LOG OUT button does not work when OpenID Connect is used for authentication
                 Key: NIFI-7584
                 URL: https://issues.apache.org/jira/browse/NIFI-7584
             Project: Apache NiFi
          Issue Type: Bug
          Components: Core UI
    Affects Versions: 1.11.4
         Environment: CentOS Linux 7
            Reporter: W Chang


When nifi-1.11.4 is integrated with Okta OpenID Connect for authentication, 
the 'LOG OUT' button on the front page does not work.  It does not log a user out 
properly without redirecting to the Logout Redirect URL.

When the button is clicked, the following message is displayed on the browser:
{code:java}
{"errorCode":"invalid_client","errorSummary":"Invalid value for 'client_id' parameter.","errorLink":"invalid_client","errorId":"oae_YfJRUHCQe-BqYnPw6opFg","errorCauses":[]}
{code}
The button makes a GET request to the following address.

[https://\{hostname}.okta.com/oauth2/v1/logout?post_logout_redirect_uri=https%3A%2F%2F\{nifi server dns name}%3A\{port number}%2Fnifi-api%2F..%2Fnifi|https://dev-309877.okta.com/oauth2/v1/logout?post_logout_redirect_uri=https%3A%2F%2Fplanet-dl-dev-1.mitre.org%3A9443%2Fnifi-api%2F..%2Fnifi]

According to the Okta document 
[https://developer.okta.com/blog/2020/03/27/spring-oidc-logout-options], the 
logout endpoint format should be as shown below:

{{https://dev-123456.okta.com/oauth2/default/v1/logout?id_token_hint=<id-token>&post_logout_redirect_uri=http://localhost:8080/}}

And it seems that post_logout_redirect_uri should be "https://\{nifi server dns name}:\{port number}/nifi-api/access/oidc/logout"

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
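
Added example (not part of the original report and not NiFi code): a check of a logout request against the format the reporter cites, run on a constructed copy of the observed URL and on a rebuilt one. The host names, the token value and the registered redirect set (taken here to be the value the reporter suggests) are assumptions; the rules that the request needs id_token_hint or client_id and that post_logout_redirect_uri must exactly match a registered value follow OpenID Connect RP-Initiated Logout.

```python
from urllib.parse import parse_qs, urlencode, urlsplit


def build_logout_url(end_session_endpoint, id_token, post_logout_redirect_uri):
    """Build a logout URL carrying id_token_hint and post_logout_redirect_uri."""
    query = urlencode({
        "id_token_hint": id_token,
        "post_logout_redirect_uri": post_logout_redirect_uri,
    })
    return f"{end_session_endpoint}?{query}"


def check_logout_url(url, registered_redirects):
    """Return the reasons an IdP could reject or ignore this logout request."""
    problems = []
    params = parse_qs(urlsplit(url).query)  # values come back percent-decoded
    if "id_token_hint" not in params and "client_id" not in params:
        problems.append("missing id_token_hint/client_id")
    redirect = params.get("post_logout_redirect_uri", [None])[0]
    if redirect is None:
        problems.append("missing post_logout_redirect_uri")
        return problems
    # "/nifi-api/../nifi" is not string-equal to any registered URI
    if any(seg in (".", "..") for seg in urlsplit(redirect).path.split("/")):
        problems.append("dot segment in post_logout_redirect_uri")
    if redirect not in registered_redirects:
        problems.append("post_logout_redirect_uri not registered")
    return problems


# Constructed sample values (hypothetical hosts, not taken from the report).
IDP = "https://idp.example.com"
REGISTERED = {"https://nifi.example.com:9443/nifi-api/access/oidc/logout"}
OBSERVED = (IDP + "/oauth2/v1/logout?post_logout_redirect_uri="
            "https%3A%2F%2Fnifi.example.com%3A9443%2Fnifi-api%2F..%2Fnifi")
FIXED = build_logout_url(IDP + "/oauth2/default/v1/logout",
                         "CONSTRUCTED.ID.TOKEN", next(iter(REGISTERED)))

if __name__ == "__main__":
    for label, url in (("observed", OBSERVED), ("fixed", FIXED)):
        print(label, check_logout_url(url, REGISTERED) or "ok")
```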
