Can't finish SAML logout as there is no logout binding set

Hi.

I have a SSO integration with a keycloak install mostly working, except for the logout redirect. I’m using Apache Mellon with a reverse proxy. My Realm client doesn’t explicitly specify the “Logout Service POST/Redirect Binding URL” values under the “Fine Grain SAML” section, but the SAML descriptor XML definitely has the POST and Redirect SingleLogoutService bindings noted.

The SSO integration for logout will direct the user browser to: http ://proxy.test.demo/mellon/logout?ReturnTo=/camunda/app/tasklist/default/

Mellon will redirect to keycloak to log the user out:

http://proxy.test.demo/auth/realms/MyRealm/protocol/saml?SAMLRequest=...&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=...

My Chrome browser will note a 404 bad request, and in the keycloak logs I see:

23:30:49,865 ERROR [org.keycloak.protocol.saml.SamlProtocol] (default task-14) Can't finish SAML logout as there is no logout binding set. Please configure the logout service url in the admin console for your client applications.

Can anyone provide me with a clue on what the issue might be? Any help is greatly appreciated. Thank you.

Hi there,

Have you got the solution on this. I am also facing the same issue but the only difference is I am running keycloak behind nginx proxy.

Thanks you.