Keycloak Logout Request

Solution 1

From the official documentation:

You can log out of a web application in multiple ways. For Java EE
servlet containers, you can call HttpServletRequest.logout().

For other browser applications, you can redirect the browser to
http://auth-server/auth/realms/{realm-name}/protocol/openid-connect/logout?redirect_uri=encodedRedirectUri, which logs you out if you have an SSO session with your browser.

To get the exact URL of the app (host, realm and redirect_uri configuration):

  • Log in to your Keycloak user account
  • Open up the developer console of the browser
  • Perform the logout operation
  • Note down the URL that was used to request the logout
  • Use the same URL from your application to perform the logout

Original Author aName Of This Content
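
The redirect described in Solution 1 can be built from the realm's discovery document instead of a hand-copied URL. The following is an added example, not code from either answer or from Keycloak: the host names, the sample discovery document and the return-target allowlist are constructed assumptions, and the parameter name follows this page's redirect_uri (the OpenID Connect RP-Initiated Logout specification calls it post_logout_redirect_uri).

```python
import json
from urllib.parse import urlencode, urlsplit

# Constructed sample: a trimmed discovery document as served from
# /.well-known/openid-configuration (host and realm are placeholders).
DISCOVERY_JSON = """{
  "issuer": "https://keycloak.example/auth/realms/demo",
  "end_session_endpoint":
    "https://keycloak.example/auth/realms/demo/protocol/openid-connect/logout"
}"""

# Hypothetical allowlist of origins the browser may land on after logout.
ALLOWED_RETURN_ORIGINS = {"https://app.example"}


def origin(url):
    """Scheme plus authority, so userinfo or look-alike hosts never match."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"


def build_logout_url(discovery_json, return_to, param="redirect_uri"):
    """Return the browser logout URL, or raise ValueError on unsafe input."""
    doc = json.loads(discovery_json)
    endpoint = doc.get("end_session_endpoint")
    if not endpoint:
        raise ValueError("discovery document has no end_session_endpoint")
    # The logout endpoint must be HTTPS and on the same origin as the issuer.
    if urlsplit(endpoint).scheme != "https" or origin(endpoint) != origin(doc["issuer"]):
        raise ValueError("end_session_endpoint is not on the issuer's HTTPS origin")
    # Refuse return targets outside the allowlist (avoids an open redirect).
    if origin(return_to) not in ALLOWED_RETURN_ORIGINS:
        raise ValueError("post-logout redirect target is not allowlisted")
    # urlencode percent-encodes the whole return URL, as the docs require.
    return endpoint + "?" + urlencode({param: return_to})


if __name__ == "__main__":
    print(build_logout_url(DISCOVERY_JSON, "https://app.example/signed-out?from=sso"))
```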

Solution 2

If you are not creating your own adaptor, but using e.g. an OpenID certified library, you might want to use that library to logout, because otherwise, as ch271828n describes, you might logout from Keycloak but retain the session and access tokens…

In my case, I was using OpenResty and lua-resty-openidc.

Accessing the Keycloak logout URL https://<keycloak-server>/auth/realms/<my-realm>/protocol/openid-connect/logout (as detailed in @aName’s answer) is done by Lua after we access the opts.logout_path at https://<our-nginx-server>/service/logout.

So after setting up everything correctly, all we have to do to log out is use the logout for our OpenID client at https://<our-nginx-server>/service/logout. This will destroy the session and log us out both from the client and Keycloak.

I think I had to set opts.revoke_tokens_on_logout to true. Also note that from my experiments, for some reason, setting up a redirect_after_logout_uri may result in the user not signing out due to redirections.

Here is an example of what I needed to have for nginx.conf to make this work:

location /myservice/ {

    access_by_lua_block {
        local opts = {
            redirect_uri_path = "/myservice/auth",
            discovery = "https://<keycloak-server>/auth/realms/<my-realm>/.well-known/openid-configuration",
            client_id = "<my-client-id>",
            client_secret = "<the-clients-secret>",
            logout_path = "/service/logout",
            revoke_tokens_on_logout = true,
            session_contents = {id_token=true} -- this is essential for safari!
        }
        -- run the OpenID Connect login flow; this call also serves logout_path
        local res, err = require("resty.openidc").authenticate(opts)

        if err then
            ngx.status = 403
            ngx.say(err)
            ngx.exit(ngx.HTTP_FORBIDDEN)
        end
    }

    # I disabled caching so the browser won't cache the site.
    expires           0;
    add_header        Cache-Control private;

    proxy_pass http://my-service-server.cloud:port/some/path/;
    proxy_set_header Host $http_host;

    proxy_http_version 1.1;
    proxy_redirect off;
    proxy_buffering off;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}

Original Author ntg Of This Content
