Logout url configured for the application in the keycloak client

Hi Team,

We have published the third-party application on pantaris-latest and our application ID is be6fd9cc-e5bf-11ed-98c7-773fda295962. We are handling the logout as part of our application, but it is not working and we are getting the invalid redirect URL error. So we want to know whether all the application callback URLs are configured as logout URLs in the Keycloak client or whether this is missing.

Hey, please find the information in the docs. The validation in the client of your application looks fine. The only difference is a / on sandboxes: https://portal.pantaris-latest.de/applications/be6fd9cc-e5bf-11ed-98c7-773fda295962/sandboxes/*

Thanks. We will check and let you know if that works.

Hi,

We configured post_logout_url as mentioned in the doc, and we are getting properly redirected to the project when we sign out.

But when the SSO session max time is reached for the application, we are getting “Internal Server Error” and are not redirected to the project.

Hi, any updates on this issue?

Hello, I will try to forward the error internally and get back to you as soon as possible.

Hi, do we have some updates on this?

Hello Pooja, could you post the full URL that’s active when the error arises?

Hi,

When the max session timeout happens, below is the URL where we get the error:
https://p2.authz.bosch.com/auth/realms/EU_CALPONIA_LATEST/protocol/openid-connect/logout?post_logout_redirect_uri=https://platform.pantaris-latest.de/project/0a2242e6-f322-11ed-a930-4b124cb24f50/apps/purchased

When we do the sign-out manually, id_token_hint is being added to the URL and the proper sign-out and redirection work.

Hello,

I can replicate that situation. To fix it, your request needs to adhere to the following:

If post_logout_url is used, the logout request must include either id_token_hint, client_id or both. If not, your client will run into the 500 error.

Our documentation is still maturing and we will add more information to it. I am sorry we did not provide you with the relevant information right away.
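
The rule stated in the reply above, as an added example that is not part of the original thread or of the platform's own code: a check for the failing request shape and a builder that falls back to client_id when no ID token is available. Parameter names follow the OpenID Connect RP-Initiated Logout specification; the client_id value is a constructed placeholder, and the missing token in the timeout path is an assumption based on the URL posted in the thread.

```javascript
// Added example, not code from the thread or the platform.
// Parameter names: OIDC RP-Initiated Logout (post_logout_redirect_uri,
// id_token_hint, client_id).

// Return a list of problems with a logout URL; an empty list means it passes.
function checkLogoutUrl(logoutUrl) {
  const params = new URL(logoutUrl).searchParams;
  const problems = [];
  if (params.has("post_logout_redirect_uri") &&
      !params.get("id_token_hint") && !params.get("client_id")) {
    problems.push("post_logout_redirect_uri sent without id_token_hint or client_id");
  }
  return problems;
}

// Build the logout request. idToken may be absent (assumption: the timeout
// path no longer has a token to send); clientId then identifies the client.
function buildLogoutUrl({ endSessionEndpoint, postLogoutRedirectUri, idToken, clientId }) {
  const url = new URL(endSessionEndpoint);
  if (idToken) url.searchParams.set("id_token_hint", idToken);
  if (clientId) url.searchParams.set("client_id", clientId);
  if (postLogoutRedirectUri) {
    // Refuse to emit the request shape that the thread reports as a 500.
    if (!idToken && !clientId) {
      throw new Error("post_logout_redirect_uri requires id_token_hint or client_id");
    }
    // URLSearchParams percent-encodes the redirect URI.
    url.searchParams.set("post_logout_redirect_uri", postLogoutRedirectUri);
  }
  return url.toString();
}

// The URL posted in the thread for the session-timeout case.
const FAILING_URL = "https://p2.authz.bosch.com/auth/realms/EU_CALPONIA_LATEST/protocol/openid-connect/logout?post_logout_redirect_uri=https://platform.pantaris-latest.de/project/0a2242e6-f322-11ed-a930-4b124cb24f50/apps/purchased";

function demo() {
  const failing = new URL(FAILING_URL);
  const fixed = buildLogoutUrl({
    endSessionEndpoint: failing.origin + failing.pathname,
    postLogoutRedirectUri: failing.searchParams.get("post_logout_redirect_uri"),
    idToken: null,                  // timeout path: no ID token (assumption)
    clientId: "example-client-id",  // constructed placeholder
  });
  return { before: checkLogoutUrl(FAILING_URL), after: checkLogoutUrl(fixed), fixed };
}

console.log(demo());
```
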

We tried to include client_id in the logout request, but in the case of multiple tabs having the application open, when the session max timeout happens, redirection happens properly in the duplicate tabs and the issue still exists in the main tab.

This behavior could be because of the OpenID Connect library version we are using. We will upgrade the version and check if the issue still exists after that.
