MirtoBusico commented on issue #6345: URL: https://github.com/apache/apisix/issues/6345#issuecomment-1046308685
Another try and the first results: wrong redirect on logout (so seems that there is a proxy-rewrite conflict) I created two routes: - a simple route for **https://www.m01.net** without any plugin - a route for **https://www.m01.net/*** with proxy-rewrite and openid-connect plugins All routes use an httpbin service as upstream The first route definition is ``` { "uri": "/", "name": "m01-www-home", "desc": "home page for entire application", "methods": [ "GET", "POST", "PUT", "DELETE", "PATCH", "HEAD", "OPTIONS", "CONNECT", "TRACE" ], "host": "www.m01.net", "plugins": { "redirect": { "http_to_https": true } }, "upstream_id": "394941006623015714", "status": 1 } ``` The second route definition is ``` { "uri": "/*", "name": "m01-www-user", "desc": "services for users - access with authentication and role=user", "methods": [ "GET", "POST", "PUT", "DELETE", "PATCH", "HEAD", "OPTIONS", "CONNECT", "TRACE" ], "host": "www.m01.net", "plugins": { "openid-connect": { "access_token_in_authorization_header": true, "bearer_only": false, "client_id": "apisix", "client_secret": "CFejdjaiPNgGXMQub467j10OzcuK43tB", "disable": false, "discovery": "https://k6k.m01.net/auth/realms/apisix_test_realm/.well-known/openid-configuration";, "introspection_endpoint_auth_method": "client_secret_post", "logout_path": "/logout", "realm": "apisix_test_realm", "redirect_uri": "https://www.m01.net/*";, "scope": "openid profile" }, "redirect": { "http_to_https": true } }, "upstream_id": "394941006623015714", "status": 1 } ``` Now - "https://www.m01.net/"; shows the (complete) httpbin home page - "https://www.m01.net/headers"; show the keycloak login page and then the httpbin headers page - "https://www.m01.net/logout"; executes the logout but is redirected to this url ``` https://k6k.m01.net/auth/realms/apisix_test_realm/protocol/openid-connect/logout?id_token_hint=eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJZQzh1bVRwQ2ZCRkxQSHpFNmh4dTZUM3QybnBQLUpOSG9hX2JYbnRIczZBIn0.eyJleHAiOjE2NDUzODY0MTksImlhdCI6MTY0NTM4NjExOSwiYXV0aF90aW1lIjoxNjQ1Mzg2MTE5LCJqdGkiOiI5ZDJjNzcxYi1mNjY0LTRmZWItODI0My1kYzRjMzEyYTQzYWEiLCJpc3MiOiJodHRwczovL2s2ay5tMDEubmV0L2F1dGgvcmVhbG1zL2FwaXNpeF90ZXN0X3JlYWxtIiwiYXVkIjoiYXBpc2l4Iiwic3ViIjoiYjYzZTQ4NjMtZjhlNC00ZDdmLTk4NzctMjdlNmNkODRhMTk3IiwidHlwIjoiSUQiLCJhenAiOiJhcGlzaXgiLCJub25jZSI6ImY3NjJhOTA3MzAyNzkyM2M1OWRkMzU0YzE3ZTY4NzdhIiwic2Vzc2lvbl9zdGF0ZSI6ImEyYjY5ZTA2LTJiN2ItNDBjZi1hODM5LTUwYjUyZDNiNDJkMSIsImF0X2hhc2giOiJPUWlPUGxqWFJJaGs0ZFRkbS1LQlB3IiwiYWNyIjoiMSIsInNpZCI6ImEyYjY5ZTA2LTJiN2ItNDBjZi1hODM5LTUwYjUyZDNiNDJkMSIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwibmFtZSI6IlBldGVyIFpodSIsInByZWZlcnJlZF91c2VybmFtZSI6InBldGVyIiwiZ2l2ZW5fbmFtZSI6IlBldGVyIiwiZmFtaWx5X25hbWUiOiJaaHUiLCJlbWFpbCI6InBldGVyQHRlc3QuY29tIn0.N2iDI-T_dbfRXvAx9y9iyqQD 6IWOo2m9ADfUjvVqbhJkRK31054mhQVphzcXa3hnXd8jcKOP5iLtCMP0hGrHZ0_LftH_Czag9zsSqgNPMAoBDMvBYsjb8Yv-xoRBqYx6vmQVPzMEc3CV15sFYrAFHGPrW-rOq0H_sfTYSnrDN6bmaTzV4ZEdgktgGwUKw0pGQObVEN4IZVL4tphOh0o5Rc2icIZAwgbnnToAd_hs7MOgntF-u_vDsPINNjhMIkuG2TW4G3SilAvg1b3xGOa_B4isNZNKiNX4fyCw4TGCOfAmvdd0wpJzq3IsDw1yD-dTSdOg5gPoFqZqpu-EnG7fLg ``` In the apisix log I see ``` 2022-02-20T19:42:06.215Z | 127.0.0.6 - - [20/Feb/2022:19:42:05 +0000] www.m01.net "GET /headers HTTP/2.0" 200 9355 0.003 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0" 10.43.225.202:8000 200 0.004 "http://www.m01.net"; 2022-02-20T19:42:23.016Z | 127.0.0.6 - - [20/Feb/2022:19:42:20 +0000] www.m01.net "GET /logout HTTP/2.0" 302 142 0.000 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0" - - - "http://www.m01.net"; 2022-02-20T19:50:30.419Z | 127.0.0.6 - - [20/Feb/2022:19:50:27 +0000] www.m01.net "GET /headers HTTP/2.0" 302 142 0.000 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0" - - - "http://www.m01.net"; 2022-02-20T19:50:34.133Z | 127.0.0.6 - - [20/Feb/2022:19:50:31 +0000] www.m01.net "GET /*?state=a1bdba4c994e54f5f12f787e3babc849&session_state=4d9e0e6e-d35c-4936-88bf-893cd464b92d&code=97503336-93e4-4793-9a68-0142f9af31ee.4d9e0e6e-d35c-4936-88bf-893cd464b92d.43a0343a-7fb2-471c-b6c8-6f361a8a5bae HTTP/2.0" 302 142 0.014 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0" - - - "http://www.m01.net"; 2022-02-20T19:50:34.133Z | 127.0.0.6 - - [20/Feb/2022:19:50:31 +0000] www.m01.net "GET /headers HTTP/2.0" 200 9320 0.005 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0" 10.43.225.202:8000 200 0.004 "http://www.m01.net"; 2022-02-20T19:50:50.053Z | 127.0.0.6 - - [20/Feb/2022:19:50:47 +0000] www.m01.net "GET /logout HTTP/2.0" 302 142 0.000 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0" - - - "http://www.m01.net"; ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
