[keycloak-user] Logout from external IDP, IDP doesn't support parameter forwarding
joerg.js.schmidt at daimler.com
Thu Aug 31 05:16:19 EDT 2017
I added an external OIDC provider as IDP in my Keycloak config. I've configured all Endpoints including the Logout URL.
Login works perfectly. However, when I try to log out from the external IDP, I see this URL:
<some_url>?state=9ef361c6-e94b-469d-8f72-cef2f374bff8&id_token_hint=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.ewogInN1YiI6ICJGY0otNm1pYnNEZ3ZmWnFFN2hpSVVQNnBWTGhfWWpSQ1dROFFoMXVUeE53IiwKICJhdWQiOiAiNzE3NTdhZTgtODE1MC00MTcyLTk3NmMtZGUxZDdmZTEyOGJjIiwKICJjX2hhc2giOiAicGZMTHh5YzgxRW1rOTVpYVd0WkFCZyIsCiAiYWNyIjogImh0dHBzOi8vbG9naW4uc2VjdXJlLm1lcmNlZGVzLWJlbnouY29tL3dsL2xldmVsLTE1IiwKICJhenAiOiAiNzE3NTdhZTgtODE1MC00MTcyLTk3NmMtZGUxZDdmZTEyOGJjIiwKICJhdXRoX3RpbWUiOiAxNTA0MTY0NTY1LAogImlzcyI6ICJodHRwczovL2FwaS1jZXJ0LXRlc3QuaS5kYWltbGVyLmNvbS8iLAogImV4cCI6IDE1MDQxNzE3NjUsCiAiaWF0IjogMTUwNDE2NDU2NQp9.cRCPjvjJxpnkDsDVcSF4jne5_5EwTgF2Hd1kglPLTsw&post_logout_redirect_uri=<...>%2Fauth%2Frealms%2Fmy_realm%2Fbroker%2Fkeycloak-oidc%2Fendpoint%2Flogout_response
And then the redirect from the IDP
<some_url>/auth/realms/my_realm/broker/keycloak-oidc/endpoint/logout_response
The URL parameter "state" is not appended to the logout_response, but it seems to be necessary for Keycloak to do the logout.
Is there any workaround?
Joerg
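
Added example, not part of the original message and not Keycloak code: a small Python check that compares a captured RP-initiated logout request with the redirect the IDP sends back, and reports the symptom described above (a `state` that was sent but not returned). The host names, the state value and the `id_token_hint` placeholder are constructed; only the parameter names and the broker path come from the message.

```python
from urllib.parse import urlsplit, parse_qs, urlencode

def check_logout_roundtrip(request_url, response_url):
    """Compare a logout request with the IDP's redirect back to the broker.

    Returns a list of problems; an empty list means the redirect landed on
    the requested post_logout_redirect_uri and echoed the state unchanged.
    """
    req_q = parse_qs(urlsplit(request_url).query)
    resp = urlsplit(response_url)
    resp_q = parse_qs(resp.query)
    problems = []

    # The redirect must land on the URI the broker asked for.
    target = req_q.get("post_logout_redirect_uri", [None])[0]
    if target is None:
        problems.append("request has no post_logout_redirect_uri")
    else:
        t = urlsplit(target)
        if (t.scheme, t.netloc, t.path) != (resp.scheme, resp.netloc, resp.path):
            problems.append("redirect landed on a different URI than requested")

    # If a state was sent, it must come back exactly once and unchanged,
    # otherwise the broker cannot match the response to its logout request.
    sent_state = req_q.get("state", [None])[0]
    if sent_state is not None:
        returned = resp_q.get("state", [])
        if not returned:
            problems.append("state was sent but not returned")
        elif len(returned) > 1:
            problems.append("state returned more than once")
        elif returned[0] != sent_state:
            problems.append("state returned with a different value")
    return problems

# Constructed sample data (hosts and values are placeholders).
BROKER_ENDPOINT = ("https://broker.example.test/auth/realms/my_realm"
                   "/broker/keycloak-oidc/endpoint/logout_response")
STATE = "00000000-0000-0000-0000-000000000000"
LOGOUT_REQUEST = "https://idp.example.test/logout?" + urlencode({
    "state": STATE,
    "id_token_hint": "PLACEHOLDER.ID.TOKEN",
    "post_logout_redirect_uri": BROKER_ENDPOINT,
})

if __name__ == "__main__":
    # The redirect from the message: correct endpoint, no state parameter.
    print(check_logout_roundtrip(LOGOUT_REQUEST, BROKER_ENDPOINT))
```

Feeding it the two URLs from a browser network trace shows whether the IDP drops `state`, rewrites it, or redirects somewhere other than the broker endpoint.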