[ 
https://issues.apache.org/jira/browse/NIFI-7584?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17146409#comment-17146409
 ] 

Andy LoPresto commented on NIFI-7584:
-------------------------------------

Thanks for reporting this. I believe it is related to another OIDC issue 
currently being investigated. 

> LOG OUT button does not work when OpenID Connect is used for authentication
> ---------------------------------------------------------------------------
>
>                 Key: NIFI-7584
>                 URL: https://issues.apache.org/jira/browse/NIFI-7584
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core UI
>    Affects Versions: 1.11.4
>         Environment: CentOS Linux 7
>            Reporter: W Chang
>            Priority: Critical
>              Labels: UI, bug, logout, oidc
>
> When nifi-1.11.4 is integrated with Okta OpenID Connect for authentication, 
> 'LOG OUT' button on the front page does not work.  It does not log a user out 
> properly without redirecting to the Logout Redirect URL.  
> When the button is clicked, the following message is displayed on the browser
> {code:java}
> {"errorCode":"invalid_client","errorSummary":"Invalid value for 'client_id' 
> parameter.","errorLink":"invalid_client","errorId":"oae_YfJRUHCQe-BqYnPw6opFg","errorCauses":[]}{code}
> The button makes a GET request to the following address.
> [https://\{hostname}.okta.com/oauth2/v1/logout?post_logout_redirect_uri=https%3A%2F%2F\{nifi
>  server dns name}%3A\{port 
> number}%2Fnifi-api%2F..%2Fnifi|https://dev-309877.okta.com/oauth2/v1/logout?post_logout_redirect_uri=https%3A%2F%2Fplanet-dl-dev-1.mitre.org%3A9443%2Fnifi-api%2F..%2Fnifi]
> According to Okta document 
> [https://developer.okta.com/blog/2020/03/27/spring-oidc-logout-options,] the 
> logout endpoint format should be as shown below:
> {{[https://dev-123456.okta.com/oauth2/default/v1/logout?id_token_hint=]<id-token>&post_logout_redirect_uri=[http://localhost:8080/]}}
>  
> {{And it seems that post_logout_redirect_uri should be  "https://\{nifi 
> server dns name}:\{port number}/nifi-api/access/oidc/logout"}}
>  
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to