GitHub user maazwaheed123 edited a discussion: ### Bug: SSO Logout Not Working with Keycloak + Iframe Embedded Superset
We are embedding Superset inside an iframe within our main application. Both the app and Superset are using **Keycloak** for SSO authentication via OIDC. While login works correctly and shares the Keycloak session, **logout from the main application does not log the user out from Superset.** Superset session remains active even after the SSO session ends. #### Superset Apache Superset Running in Docker using official images. #### Authentication Setup - Keycloak 24.x - Superset configured with a custom `OIDCSecurityManager` - OIDC integration through `superset_config.py` - Superset reverse proxied behind NGINX at `https://superset.dalweb/` - Hosted inside an iframe in a Next.js frontend (`https://dalweb/`) #### Expected Behavior When the user logs out from the main application (which ends the Keycloak session), Superset should also log the user out (Single Logout / SLO). #### Actual Behavior - Superset remains logged in after the main app logs the user out. - Only after manually clearing cookies or hitting the Superset logout URL directly, the user is fully logged out. GitHub link: https://github.com/apache/superset/discussions/33685 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
