[I] help request: Issue with Redirecting User after Logout using OpenID-Connect and Keycloak [apisix]

Tue, 16 Jul 2024 23:05:22 -0700 


thechromosomes opened a new issue, #11411:
URL: https://github.com/apache/apisix/issues/11411

   ### Description
   
   I am trying to set up OpenID-Connect and Keycloak, but for some reason, I 
cannot redirect the user after logout.
   
   Here is the JSON configuration for the OpenID-Connect plugin:
   
   ```
   {
     "_meta": {
       "disable": false
     },
     "bearer_only": false,
     "client_id": "apisix",
     "client_secret": "YB2YHVyg2UuAaaujB6AGMDEPngjbVlld",
     "discovery": 
"https://keycloak.mydomain.com:8443/realms/apisix/.well-known/openid-configuration";,
     "introspection_endpoint_auth_method": "client_secret_post",
     "post_logout_redirect_uri": "http://keycloak.mydomain.com:9080/dashboard";,
     "realm": "apisix",
     "redirect_uri": "http://keycloak.mydomain.com:9080/*";,
     "scope": "openid profile"
   }
   ```
   
   
   When attempting to log out, I receive the following response from Keycloak:
   
   ```
   2024-07-17 11:12:47 2024-07-17 05:42:47,974 WARN  [org.keycloak.events] 
(executor-thread-398) type="LOGOUT_ERROR", 
realmId="902db3c9-5318-4f78-88b5-3d3d00d44927", realmName="apisix", 
clientId="null", userId="null", ipAddress="172.27.0.1", 
error="invalid_request", reason="Either the parameter 'client_id' or the 
parameter 'id_token_hint' is required when 'post_logout_redirect_uri' is used."
   2024-07-17 11:12:47 2024-07-17 05:42:47,975 WARN  
[org.keycloak.protocol.oidc.endpoints.LogoutEndpoint] (executor-thread-398) 
Either the parameter 'client_id' or the parameter 'id_token_hint' is required 
when 'post_logout_redirect_uri' is used.
   ```
   
   
   It appears that either the client_id or the id_token_hint parameter is 
required when using the post_logout_redirect_uri parameter. However, it is 
unclear how to include these parameters in the logout request.
   
   Ref image:
   
   
![image](https://github.com/user-attachments/assets/eb929212-c37b-4860-bcc3-065effcd9fef)
   
   
![image](https://github.com/user-attachments/assets/43534ebb-fc7c-4648-9f18-41301f74c0fd)
   
   
   ### Environment
   
   ### Environment
   
   - APISIX version: 3.9.0
   - Operating system: Linux
   - OpenResty / Nginx version: openresty/1.25.3.1
   - etcd version: 3.5.0
   - APISIX Dashboard version: 3.0.1
   - keycloak version: 25.0.1


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to