<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">It's strongly recommended to use our
keycloak.js adapter. It doesn't use cookies to maintain state. See
our examples for it in the example distribution. <br>
<br>
If you handle things manually, you need to care about various
things (like refreshes etc) and for logout, you of course need to
care of manually removing all the OAuth related state from your
application and possibly remove cookies (if your application is
using them).<br>
<br>
Marek<br>
<br>
<br>
On 22/09/16 02:01, Sean Schade wrote:<br>
</div>
<blockquote
cite="mid:CA+-sXf_5vdsjYegED+M7S30NYHQ8zY3URQduk-_HNMP+nSiOVA@mail.gmail.com"
type="cite">
<div dir="ltr">Do I need to use the Keycloak JS adapter in our
Angular app in order to get logout to work correctly? I thought
we would be fine with just the openid-connect logout url. It
looks like the adapter clears the token in the browser.
<div><br>
</div>
<div><a moz-do-not-send="true"
href="https://github.com/keycloak/keycloak/tree/master/adapters/oidc/js/src/main/resources">https://github.com/keycloak/keycloak/tree/master/adapters/oidc/js/src/main/resources</a><br>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Sep 21, 2016 at 2:08 PM, Sean
Schade <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:sean.schade@drillinginfo.com" target="_blank">sean.schade@drillinginfo.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Thanks Scott for replying. We don't use an
adapter. We have an Angular app that makes HTTP calls to
backend services. All of our services are behind a
Keycloak Security Proxy.
<div><br>
</div>
<div>We are migrating away from Oracle OAM to Keycloak,
and with Oracle navigating to the logout link was
sufficient. I assumed the same would be for Keycloak. </div>
<div><br>
</div>
<div>I initially thought this might be the bug: <a
moz-do-not-send="true"
href="https://issues.jboss.org/browse/KEYCLOAK-3311"
target="_blank">https://issues.jboss.org/<wbr>browse/KEYCLOAK-3311</a></div>
<div><br>
</div>
<div>However, after looking at the logs in Keycloak when I
click the Logout button in our app I see the following
errors.</div>
<div><br>
</div>
<div>
<p><span>18</span><span>:</span><span>55</span><span>:</span><span>10</span><span>,</span><span>630</span><span>
WARN [org.jboss.resteasy.resteasy_<wbr>jaxrs.i18n]
(</span><span>default</span><span> task-</span><span>11</span><span>)
RESTEASY002130: </span><span>Failed</span><span> to
parse request.: javax.ws.rs.core.</span><span>UriBuilderExc<wbr>eption</span><span>:
RESTEASY003330: </span><span>Failed</span><span> to
create URI: </span><span>null</span></p>
<p><span>
</span></p>
<ol>
<li><span></span><span>Caused</span><span> </span><span>by</span><span>:
javax.ws.rs.core.</span><span>UriBuilderExc<wbr>eption</span><span>:
RESTEASY003280: empty host name</span></li>
<li><span></span><span> at
org.jboss.resteasy.specimpl.</span><span>Re<wbr>steasyUriBuilder</span><span>.buildString(</span><span>R<wbr>esteasyUriBuilder</span><span>.java:</span><span>540</span><span>)</span></li>
<li><span></span><span> at
org.jboss.resteasy.specimpl.</span><span>Re<wbr>steasyUriBuilder</span><span>.<wbr>buildFromValues(</span><span>ResteasyUriBui<wbr>lder</span><span>.java:</span><span>743</span><span>)</span></li>
</ol>
<p><span><br>
</span></p>
<p><span>Perhaps it is a combination of the Keycloak
Security Proxy and some misconfiguration? I'm not
really sure at this moment.</span></p>
<p>Is my assumption correct that we do not need an
adapter for oidc logout?</p>
</div>
</div>
<div class="HOEnZb">
<div class="h5">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Sep 21, 2016 at 1:29
PM, Scott Rossillo <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:srossillo@smartling.com"
target="_blank">srossillo@smartling.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word">Which adapter
are you using?
<div><br>
<div>
<div
style="color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word">
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">Scott
Rossillo</div>
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">Smartling
| Senior Software Engineer</div>
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><a
moz-do-not-send="true"
href="mailto:srossillo@smartling.com"
target="_blank">srossillo@smartling.com</a></div>
<div
style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"></div>
</div>
</div>
<br>
<div>
<blockquote type="cite"><span>
<div>On Sep 21, 2016, at 2:03 PM, Sean
Schade <<a moz-do-not-send="true"
href="mailto:sean.schade@drillinginfo.com"
target="_blank">sean.schade@drillinginfo.com</a>>
wrote:</div>
<br>
</span>
<div><span>
<div dir="ltr">We are having an issue
where our browser application will
initiate a logout, but after
redirecting back to the application
the user is not taken to the login
screen. It appears the user is still
logged in, and can fully access the
application. I can see the session
removed in Keycloak Admin UI.
However, it appears the cookie never
gets invalidated. Here is the
redirect URL we use. Are we missing
some configuration step in the
client? I have standard flow,
implicit flow, and direct access
grants enabled. Valid redirect URIs,
Base URL, and web origins are all
configured in the client. Admin URL
is not set as we are relying only on
browser logout.<br>
<div><br>
</div>
<div>
<pre style="font-family:consolas,"liberation mono",courier,monospace;font-size:12px;margin-top:0px;margin-bottom:0px;color:rgb(51,51,51);line-height:18px"><div style="padding-left:10px;min-height:18px"><span style="color:rgb(221,17,68)"><a moz-do-not-send="true" href="https://auth.dev.drillinginfo.com/auth/realms/dev/protocol/openid-connect/logout?redirect_uri=https%3A%2F%2Fapp.dev.drillinginfo.com/gallery/" target="_blank">https://auth.dev.drillinginfo.<wbr>com/auth/realms/dev/protocol/o<wbr>penid-connect/logout?redirect_<wbr>uri=https%3A%2F%2Fapp.dev.<wbr>drillinginfo.com/gallery/</a></span></div></pre></div></div></span>
______________________________<wbr>_________________
keycloak-user mailing list
<a moz-do-not-send="true" href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a moz-do-not-send="true" href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailma<wbr>n/listinfo/keycloak-user</a></div></blockquote></div>
</div></div></blockquote></div>
</div>
</div></div></blockquote></div>
</div>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote><p>
</p></body></html>