Hoorieh Ghahremani

Reputation: 1

How to integrate Keycloak SSO and SLO with Kafka-UI and AKHQ using OIDC?

I am trying to integrate Keycloak with tools like Kafka-UI and AKHQ, using the OIDC (OpenID Connect) protocol for Single Sign-On (SSO) and Single Logout (SLO). I have successfully implemented SSO with the identity provider, but I am facing an issue with SLO.

My expectation is that when I log out from Keycloak, I should be logged out from all clients, and vice versa, but this does not happen and I cannot understand why.

Here are the configuration settings for these services:

Kafka-UI config:

auth:
  type: OAUTH2
  oauth2:
    client:
      keycloak:
        clientId: kafka-ui
        clientSecret: ******
        scope: openid
        issuer-uri: keycloak/realms/myrealm
        user-name-attribute: preferred_username
        client-name: keycloak
        provider: keycloak
        custom-params:
          type: keycloak
          logoutUrl: keycloak/realms/myrealm/protocol/openid-connect/logout

AKHQ config:

        micronaut:
          security:
            enabled: true
            endpoints:
              logout:
                enabled: true
                path: keycloak/realms/myrealm/protocol/openid-connect/logout
                get-allowed: true
            redirect:
              logout: keycloak/realms/myrealm/protocol/openid-connect/logout
              login-success: "/ui"
            oauth2:
              enabled: true
              logout-uri: keycloak/realms/myrealm/protocol/openid-connect/logout
              redirect-uri: keycloak/realms/myrealm/protocol/openid-connect/logout
              callback-uri: "akhq/oauth/callback/keycloak"
              clients:
                keycloak:
                  client-id: "akhq"
                  client-secret: "*****"
                  openid:
                    issuer: "keycloak/realms/myrealm"
                    end-session:
                      enabled: true
                      url: keycloak/realms/myrealm/protocol/openid-connect/logout

Here are the Keycloak settings related to SLO, which are almost identical for both services:

Client ID: kafka-ui / akhq
Enabled: ON
Client Protocol: openid-connect
Standard Flow Enabled: ON
Implicit Flow Enabled: OFF
Direct Access Grants Enabled: ON 
OAuth 2.0 Device Authorization Grant Enabled: ON
Root URL: kafka-ui / akhq
Valid Redirect URIs: kafka-ui/* / akhq/*
Web Origins: kafka-ui / akhq
Admin URL: kafka-ui / akhq
Valid post logout redirect URIs: kafka-ui/logout / akhq/logout
Front channel logout Enabled: ON
Front-channel logout URL: kafka-ui/logout / akhq/logoutt
Backchannel logout URL: kafka-ui/logout / akhq/logout
Backchannel logout session required Enabled: ON
Backchannel logout revoke offline sessions Enabled: ON / OFF

Has anyone experienced a similar issue, or does anyone know how to resolve it?

Upvotes: 0

Views: 397
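
Background for the "Backchannel logout URL" and "Backchannel logout session required" settings listed in the question, as an added example that is not part of the original post and is not Kafka-UI, AKHQ or Keycloak code: under OpenID Connect Back-Channel Logout the identity provider POSTs a signed `logout_token` to that URL, and the receiving application has to validate it and end the matching local session. The code assumes the token's signature was already verified against the realm's keys; the function names, the session-store layout and the sample claims are constructed for illustration.

```python
import time

BACKCHANNEL_EVENT = "http://schemas.openid.net/event/backchannel-logout"

def check_logout_token(claims, issuer, client_id, now=None, skew=60):
    """Return (sid, sub) of the session to end, or raise ValueError.

    Assumption: `claims` is the payload of a logout_token whose signature
    has ALREADY been verified against the issuer's published keys.
    """
    now = time.time() if now is None else now
    for name in ("iss", "aud", "iat", "jti", "events"):
        if name not in claims:
            raise ValueError(f"missing claim: {name}")
    if claims["iss"] != issuer:
        raise ValueError("unexpected issuer")
    aud = claims["aud"]
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not addressed to this client")
    if claims["iat"] > now + skew:
        raise ValueError("issued in the future")
    if "exp" in claims and claims["exp"] < now - skew:  # checked when present
        raise ValueError("expired")
    events = claims["events"]
    if not isinstance(events, dict) or BACKCHANNEL_EVENT not in events:
        raise ValueError("not a back-channel logout event")
    if "nonce" in claims:  # a logout token must not carry a nonce
        raise ValueError("nonce present: looks like an ID token")
    sid, sub = claims.get("sid"), claims.get("sub")
    if sid is None and sub is None:
        raise ValueError("neither sid nor sub present")
    return sid, sub

def end_local_sessions(sessions, sid, sub):
    """Delete local sessions bound to the IdP session (sid), or to the user if no sid."""
    doomed = [key for key, s in sessions.items()
              if (sid is not None and s["sid"] == sid)
              or (sid is None and s["sub"] == sub)]
    for key in doomed:
        del sessions[key]
    return doomed

# Constructed sample claims; issuer and client id follow the question's placeholders.
SAMPLE = {"iss": "keycloak/realms/myrealm", "aud": "akhq", "iat": 1700000000,
          "jti": "constructed-jti-1", "sid": "constructed-sid-1",
          "sub": "constructed-user", "events": {BACKCHANNEL_EVENT: {}}}
```

The local session store has to record the `sid` from the ID token at login, otherwise a logout token that identifies the session by `sid` cannot be matched to anything.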

Answers (0)
