[keycloak-dev] Generating logout / account links in secured web app
Marko Strukelj
mstrukel at redhat.com
Tue May 26 11:03:01 EDT 2015
I've been trying to make sure that logout functionality works properly within demos deployed on AS7/Wildfly, with Keycloak server in another WF instance on a different port.
Debug stepping through code I can see that there is properly configured org.keycloak.adapters.KeycloakDeployment instance available which contains all the proper info, yet is not used in demo apps.
Rather, the demo apps manually compose relative urls which then point to the local instance rather than remote instance where Keycloak server resides.
For example, customer-app.war/customers/view.jsp contains:
String logoutUri = KeycloakUriBuilder.fromUri("/auth").path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH)
.queryParam("redirect_uri", "/customer-portal").build("demo").toString();
String acctUri = KeycloakUriBuilder.fromUri("/auth").path(ServiceUrlConstants.ACCOUNT_SERVICE_PATH)
.queryParam("referrer", "customer-portal").build("demo").toString();
These both produce relative urls ... org.keycloak.util.KeycloakUriBuilder looks like it could be part of public API, org.keycloak.constants.ServiceUrlConstants could be problematic as public API since final string fields are copied over to classes using them at compile time.
But anyway ... I would like a way in my webapp to get to information that's in KeycloakDeployment, specifically #getLogoutUrl(), and #getAccountUrl().
By itself KeycloakDeployment doesn't look API ready, also there's ?redirect_uri= or ?referer= to be specified so there must be some other utility or API classes that can return the proper urls using already available info. Makes no sense to manually compose them in round-about and error prone ways from my app ...
Is there a known way to achieve this or is this something we can add - maybe to org.keycloak.adapters.AdapterUtils.
Also, I'm not sure that AdapterUtils.getOriginForRestCalls() works properly by returning a relative url on NEVER in the case when server is on a different host / port than secured web app.
More information about the keycloak-dev
mailing list