<div dir="ltr">The tokens endpoint was deprecated a while back and eventually removed in 1.9. Looks like one url has been missed in the documentation (I created <a href="https://issues.jboss.org/browse/KEYCLOAK-2774">https://issues.jboss.org/browse/KEYCLOAK-2774</a> to update docs and it will be fixed for 1.9.2).<div><br></div><div>Replace:<div><pre id="output" style="color:rgb(0,0,0);border:1px solid rgb(204,204,204);padding:10px;background-color:rgb(221,221,221)"><a href="http://keycloak.dnbcloud.com:8090/auth/realms/indicee/tokens/logout?redirect_uri=http://localhost.dnbcloud.com:8080">http://keycloak.dnbcloud.com:8090/auth/realms/indicee/tokens/logout?redirect_uri=http://localhost.dnbcloud.com:8080</a></pre></div><div>With:</div><div><pre id="output" style="color:rgb(0,0,0);border:1px solid rgb(204,204,204);padding:10px;background-color:rgb(221,221,221)"><a href="http://keycloak.dnbcloud.com:8090/auth/realms/indicee/protocol/openid-connect/logout?redirect_uri=http://localhost.dnbcloud.com:8080">http://keycloak.dnbcloud.com:8090/auth/realms/indicee/protocol/openid-connect/logout?redirect_uri=http://localhost.dnbcloud.com:8080</a></pre></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 8 April 2016 at 02:40, Jesse Chahal <span dir="ltr"><<a href="mailto:jessec@dnbcloud.com" target="_blank">jessec@dnbcloud.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
So our company recently upgraded from keycloak 1.5.1 to 1.9.1 We<br>
destroyed the database as we are still evaluating keycloak for the<br>
time being. We are noticing some issues with logout not working<br>
anymore after this upgrade. Currently we have implemented logout using<br>
URL approach as such:<br>
<a href="http://auth-server/auth/realms/{realm-name}/tokens/logout?redirect_uri=encodedRedirectUri" rel="noreferrer" target="_blank">http://auth-server/auth/realms/{realm-name}/tokens/logout?redirect_uri=encodedRedirectUri</a><br>
which can be found here:<br>
<a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#d4e1383" rel="noreferrer" target="_blank">http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#d4e1383</a><br>
<br>
We have setup the correct 'Valid Redirect URIs' for the client we are<br>
logging out from. Our client is using the openid-connect protocol and<br>
confidential access.<br>
What we are seeing is keycloak providing us with a blank page and the<br>
session not being destroyed. Our application is built ontop of<br>
Wildfly10 but we were not able to easily implement<br>
HttpServletRequest.logout() way of logging out as when a user logs in<br>
we translate the keycloak principle/user to be a our own<br>
principle/user type. I did not see a bug in Jira for this yet (was<br>
looking at release version 1.9.2) and am having a hard time believing<br>
nobody else has encountered this issue.<br>
<br>
I have attached the stacktrace that keycloak is spitting out below. To<br>
me it appears as if this feature was removed while the documentation<br>
still shows it as available.<br>
<br>
<br>
00:05:46,037 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default<br>
task-78) RESTEASY002010: Failed to execute:<br>
javax.ws.rs.NotFoundException: RESTEASY003210: Could not find resource<br>
for full path: <a href="http://keycloak.dnbcloud.com:8090/auth/realms/indicee/tokens/logout?redirect_uri=http://localhost.dnbcloud.com:8080" rel="noreferrer" target="_blank">http://keycloak.dnbcloud.com:8090/auth/realms/indicee/tokens/logout?redirect_uri=http://localhost.dnbcloud.com:8080</a><br>
at org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:114)<br>
at org.jboss.resteasy.core.registry.RootNode.match(RootNode.java:43)<br>
at org.jboss.resteasy.core.LocatorRegistry.getResourceInvoker(LocatorRegistry.java:79)<br>
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:129)<br>
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)<br>
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)<br>
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)<br>
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)<br>
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)<br>
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)<br>
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)<br>
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)<br>
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)<br>
at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:78)<br>
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)<br>
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)<br>
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)<br>
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)<br>
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)<br>
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)<br>
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)<br>
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)<br>
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)<br>
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)<br>
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)<br>
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)<br>
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)<br>
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)<br>
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)<br>
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)<br>
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)<br>
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)<br>
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)<br>
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)<br>
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)<br>
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)<br>
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)<br>
at java.lang.Thread.run(Thread.java:745)<br>
<br>
<br>
Thanks,<br>
Jesse<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote></div><br></div>