Logout does not work with openid/keycloak
Closed this issue · 1 comments
eastclintw00d commented
I am trying to migrate a server from shinyproxy 3.0.2 to 3.1.1. Everything worked fine so far only the logout button is not working. It leads to the /logout-success endpoint but if I click on “Login again” I am directly logged in and land on the index page.
Here is the relevant part of my config:
proxy:
title: Some Title
hide-navbar: false
# landing-page: /app/dashboard
template-path: ./templates/mytemplate
logo-url: https://some/logo/url.svg
favicon-path: /www/favicon.png
heartbeat-rate: 10000
heartbeat-timeout: 600000
container-wait-time: 60000
port: 8080
admin-groups: admin
authentication: openid
openid:
auth-url: https://identity.services.example.com/auth/realms/TEST/protocol/openid-connect/auth
token-url: https://identity.services.example.com/auth/realms/TEST/protocol/openid-connect/token
jwks-url: https://identity.services.example.com/auth/realms/TEST/protocol/openid-connect/certs
client-id: Testclient
client-secret: <<my-secret>>
username-attribute: email
roles-claim: realm_roles
logout-url: https://my.example.com/logout-success
docker:
internal-networking: true
specs:
[...]
logging:
level:
root: DEBUG
file:
shinyproxy.log
server:
forward-headers-strategy: "native"
servlet.session.timeout: 3600
And here is what the DEBUG log says:
2024-09-10T11:06:52.888Z DEBUG 1 --- [ XNIO-1 task-8] io.undertow.request.security : Attempting to authenticate /logout, authentication required: false
2024-09-10T11:06:52.888Z DEBUG 1 --- [ XNIO-1 task-8] io.undertow.request.security : Authentication outcome was NOT_ATTEMPTED with method io.undertow.security.impl.CachedAuthenticatedSessionMechanism@73b8e122 for /logout
2024-09-10T11:06:52.889Z DEBUG 1 --- [ XNIO-1 task-8] io.undertow.request.security : Authentication result was ATTEMPTED for /logout
2024-09-10T11:06:52.889Z DEBUG 1 --- [ XNIO-1 task-8] io.undertow.request : Matched default handler path /logout
2024-09-10T11:06:52.889Z DEBUG 1 --- [ XNIO-1 task-8] io.undertow.request : Matched default handler path /logout
2024-09-10T11:06:52.891Z DEBUG 1 --- [ XNIO-1 task-8] o.s.security.web.FilterChainProxy : Securing GET /logout
2024-09-10T11:06:52.891Z DEBUG 1 --- [ XNIO-1 task-8] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=Name: [test@dummy.com], Granted A>
2024-09-10T11:06:52.892Z DEBUG 1 --- [ XNIO-1 task-8] o.s.s.w.a.logout.LogoutFilter : Logging out [OAuth2AuthenticationToken [Principal=Name: [test@dummy.com], Granted Authorities: [[OIDC_USER, SCOPE_em>
2024-09-10T11:06:52.892Z INFO 1 --- [ XNIO-1 task-8] e.o.containerproxy.service.UserService : User logged out [user: test@dummy.com]
2024-09-10T11:06:52.892Z DEBUG 1 --- [ XNIO-1 task-8] io.undertow.session : Invalidating session eT7apEnoV_Cfce_vhh9NlttH2iNQkv0YDIUY4KV2 for exchange HttpServerExchange{ GET /logout}
2024-09-10T11:06:52.892Z DEBUG 1 --- [ XNIO-1 task-8] o.s.s.w.s.HttpSessionEventPublisher : Publishing event: org.springframework.security.web.session.HttpSessionDestroyedEvent[source=io.undertow.servlet.spec.HttpSessionImpl@3adb5>
2024-09-10T11:06:52.893Z DEBUG 1 --- [ XNIO-1 task-8] o.s.s.w.a.l.SecurityContextLogoutHandler : Invalidated session eT7apEnoV_Cfce_vhh9NlttH2iNQkv0YDIUY4KV2
2024-09-10T11:06:52.894Z DEBUG 1 --- [ XNIO-1 task-8] o.s.s.web.DefaultRedirectStrategy : Redirecting to https://my.example.com/logout-success
2024-09-10T11:06:52.895Z DEBUG 1 --- [ XNIO-1 I/O-24] io.undertow.request.io : UT005013: An IOException occurred
Any hint for finding the problem is greatly appreciated.
LEDfan commented
This was answered here: https://support.openanalytics.eu/t/logout-does-not-work-with-openid-keycloak/2992/2