Logout url configured for the application in the keycloak client

Hi Team,

We have published the third party application on pantaris-latest and our application ID is be6fd9cc-e5bf-11ed-98c7-773fda295962. We are handling the logout as part of our application but it is not working and getting the invalid redirect url error. So we want to know if all the application callback url is configured as logout urls in the keycloak client or is it missing.

hey, please find the information in the docs. The validation in the client of your application looks fine. The only difference is a / on sandboxes: https://portal.pantaris-latest.de/applications/be6fd9cc-e5bf-11ed-98c7-773fda295962/sandboxes/*

Thanks. We will check and let you know if that works


We configured post_logout_url as mentioned in the doc, and getting properly redirected to the project when we are doing sign out.

But when the SSO session max time is reached for the application we are getting “Internal Server Error” and not redirected to the Project.

Hi, Any updates on this issue?

Hello, I will try to forward the error internally and get back to you as soon as possible.

Hi, Do we have some updates on this?

Hello Pooja, could you post the full URL that’s active when the error arises?


When max session timeout happens below is the URL where we get error

When we do the signout manually, id_token_hint is being added to the url and the proper signout and redirection works


I can replicate that situation. To fix it your request needs to adhere to the following:

If post_logout_url is used the logout request must either include id_token_hint, client_id or both. If not your client will run into the 500 error.

Our documentation is still maturing and we will add more information to it. I am sorry we did not provide you with the relevant information right away.

We tried to include client_id in the logout request but in case of multiple tab having the application open, when the session max timeout happens, redirection is properly happening in the duplicate tabs and the issue still exists in the main tab.

This behavior could be because of the OpenID Connect Library version we are using. We will upgrade the version and check if the issue still exists after that

1 Like