MehdiB

Reputation: 910

Keycloak 20.0.1 not logging out after calling logout endpoint

I have a Spring Boot application using Keycloak as the authorization server. When a protected URL is opened in the browser, the user gets redirected to the login page provided by Keycloak. After a successful login the user is redirected to the requested URL. On this page I have a link pointing to the logout endpoint of Keycloak. The link is like this:

https://keycloak-server/realms/my-realm/protocol/openid-connect/logout?client_id=my-client&post_logout_redirect_uri=http://localhost:8081/web/home

After clicking on this link, the user is redirected to a page provided by Keycloak asking if they really want to log out. After confirming the logout, the user is instantly redirected to the URL provided in post_logout_redirect_uri. However, if the user navigates to the protected page, they are still logged in.

I don't see any error logs in Keycloak server logs. I have also set the Valid post logout redirect URIs in Keycloak admin panel.

I have also tried to set the id_token_hint instead of client_id, but that also didn't solve the problem. Does anyone know what I'm doing wrong?

Upvotes: 0

Views: 2352

Answers (1)

MehdiB

Reputation: 910

I figured out that my approach will only end the session on the Keycloak side. I had to log out the client too. I did this by adding a logoutSuccessHandler:

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SecurityConfig {

  private final ClientRegistrationRepository clientRegistrationRepository;

  public SecurityConfig(ClientRegistrationRepository clientRegistrationRepository) {
    this.clientRegistrationRepository = clientRegistrationRepository;
  }

  @Bean
  public SecurityFilterChain webSecurityFilterChain(HttpSecurity http) throws Exception {
    return http.authorizeRequests(
            auth -> {
              auth.anyRequest().authenticated();
            })
        .logout()
        .logoutUrl("/logout")
        // Clears the local session first, then redirects the browser to Keycloak's
        // end-session endpoint so the Keycloak SSO session is closed as well.
        .logoutSuccessHandler(oidcLogoutSuccessHandler())
        .invalidateHttpSession(true)
        .clearAuthentication(true)
        .deleteCookies("JSESSIONID")
        .and()
        .oauth2Login()
        .build();
  }

  // Builds the RP-initiated logout redirect (id_token_hint + post_logout_redirect_uri).
  // The redirect URI must appear in the client's "Valid post logout redirect URIs".
  private OidcClientInitiatedLogoutSuccessHandler oidcLogoutSuccessHandler() {
    OidcClientInitiatedLogoutSuccessHandler successHandler =
        new OidcClientInitiatedLogoutSuccessHandler(clientRegistrationRepository);
    successHandler.setPostLogoutRedirectUri("http://localhost:8081/web/home");
    return successHandler;
  }
}

Upvotes: 2
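The symptom in the question (Keycloak confirms the logout, yet the protected page still loads) is easy to misread as a Keycloak bug when it is really an application session that was never invalidated. The following added example, not code from the question, the answer or the Keycloak project, shows how to check both halves of an RP-initiated logout: it builds the end-session URL from the question against an allow-list that mirrors the client's "Valid post logout redirect URIs" setting, and it classifies what a subsequent request to the protected page returned. The Response class and all sample responses are constructed stand-ins so the script runs offline; the hostnames, realm and client id are the ones from the question, and the allow-list contents are an assumption.

```python
from dataclasses import dataclass, field
from urllib.parse import urlencode, urlparse

# Values from the question; the allow-list stands in for the realm client's
# "Valid post logout redirect URIs" setting (constructed for this example).
KEYCLOAK_BASE = "https://keycloak-server"
REALM = "my-realm"
ALLOWED_POST_LOGOUT = {"http://localhost:8081/web/home"}


def build_end_session_url(client_id, post_logout_redirect_uri, id_token_hint=None):
    """Build Keycloak's RP-initiated logout URL.

    Keycloak only honours post_logout_redirect_uri when it matches the client's
    configured list, so the same check is applied here before the URL is built.
    When an id_token_hint is available it is sent instead of client_id.
    """
    if post_logout_redirect_uri not in ALLOWED_POST_LOGOUT:
        raise ValueError(f"post_logout_redirect_uri not allowed: {post_logout_redirect_uri}")
    params = {}
    if id_token_hint:
        params["id_token_hint"] = id_token_hint
    else:
        params["client_id"] = client_id
    params["post_logout_redirect_uri"] = post_logout_redirect_uri
    return f"{KEYCLOAK_BASE}/realms/{REALM}/protocol/openid-connect/logout?{urlencode(params)}"


@dataclass
class Response:
    """Minimal stand-in for an HTTP response (constructed; no network needed).

    headers maps a header name to a list of values, so repeated Set-Cookie
    headers can be represented.
    """
    status: int
    headers: dict = field(default_factory=dict)


def app_session_cleared(logout_response):
    """True if the application's logout response expired the JSESSIONID cookie.

    Spring Security's deleteCookies("JSESSIONID") emits a Set-Cookie header
    with Max-Age=0; an application that skipped the local logout sends none.
    """
    for value in logout_response.headers.get("Set-Cookie", []):
        if value.startswith("JSESSIONID=") and "max-age=0" in value.lower():
            return True
    return False


def classify_protected_page(response):
    """Classify a GET of a protected page made after the logout flow.

    200 means the application still has a session ("logged_in"); a redirect to
    the app's /oauth2/authorization/... endpoint or to Keycloak's
    /protocol/openid-connect/auth means a new login is required ("logged_out").
    """
    if response.status == 200:
        return "logged_in"
    if response.status in (301, 302, 303, 307, 308):
        location = urlparse(response.headers.get("Location", [""])[0])
        if location.path.startswith("/oauth2/authorization/") or \
                location.path.endswith("/protocol/openid-connect/auth"):
            return "logged_out"
    return "unexpected"


def verify_logout(logout_response, protected_page_response):
    """Logout only counts as complete when the app session is gone AND the
    protected page demands a fresh login."""
    return {
        "app_session_cleared": app_session_cleared(logout_response),
        "protected_page": classify_protected_page(protected_page_response),
    }


if __name__ == "__main__":
    print(build_end_session_url("my-client", "http://localhost:8081/web/home"))
    # Constructed responses reproducing the question: Keycloak logs out, but the
    # application never invalidated its own session, so the page still renders.
    broken = verify_logout(Response(302, {"Location": ["http://localhost:8081/web/home"]}),
                           Response(200))
    # Constructed responses after the answer's fix: cookie expired, login required.
    fixed = verify_logout(
        Response(302, {"Set-Cookie": ["JSESSIONID=; Path=/; Max-Age=0; HttpOnly"],
                       "Location": [build_end_session_url("my-client", "http://localhost:8081/web/home")]}),
        Response(302, {"Location": ["http://localhost:8081/oauth2/authorization/keycloak"]}))
    print("before fix:", broken)
    print("after fix: ", fixed)
```

Run against a real deployment by replacing the constructed Response objects with the status and headers of the actual /logout response and of a follow-up GET to the protected page in the same cookie jar; a 200 on that GET is the "still logged in" case from the question.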
