I am trying to integrate Keycloak with Kafka-UI, using the OIDC (OpenID Connect) protocol for Single Sign-On (SSO) and Single Logout (SLO). I have successfully implemented SSO with the identity provider, but I am facing an issue with SLO.
My expectation is that when I log out from Keycloak, I should be logged out from all clients, and vice versa. However, when I log out from Kafka-UI, I am logged out from Keycloak as expected, but the reverse does not work — logging out from Keycloak does not log me out from Kafka-UI.
Here are the configuration settings for these services:
Kafka-UI config:
auth:
  type: OAUTH2
  oauth2:
    client:
      keycloak:
        clientId: kafka-ui
        clientSecret: ******
        scope: openid
        issuer-uri: https://keycloak/realms/myrealm
        user-name-attribute: preferred_username
        client-name: keycloak
        provider: keycloak
        custom-params:
          type: keycloak
          logoutUrl: https://keycloak/realms/myrealm/protocol/openid-connect/logout
Keycloak settings:
Client ID: kafka-ui
Enabled: ON
Client Protocol: openid-connect
Standard Flow Enabled: ON
Implicit Flow Enabled: OFF
Direct Access Grants Enabled: ON
OAuth 2.0 Device Authorization Grant Enabled: ON
Root URL: https://kafka-ui
Valid Redirect URIs: https://kafka-ui/*
Web Origins: https://kafka-ui
Admin URL: https://kafka-ui
Root URL: https://kafka-ui
Valid post logout redirect URIs: https://kafka-ui/logout
Front channel logout Enabled: ON
Front-channel logout URL: https://kafka-ui/logout
Backchannel logout URL: https://kafka-ui/logout
Backchannel logout session required Enabled: ON
Backchannel logout revoke offline sessions Enabled: ON / OFF
Has anyone experienced a similar issue, or does anyone know how to resolve it?
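
For reference, this is what a relying party has to do with the POST that Keycloak sends to the Backchannel logout URL under OpenID Connect Back-Channel Logout 1.0: check the `logout_token` claims and end the local session tied to its `sid`. It is an added example, not part of the original post and not Kafka-UI's or Keycloak's code; the token's signature is assumed to be verified already against the realm's JWKS, and the function names, session store, freshness window and sample values are constructed.

```python
import time

# Event URI defined by OpenID Connect Back-Channel Logout 1.0.
LOGOUT_EVENT = "http://schemas.openid.net/event/backchannel-logout"

def validate_logout_claims(claims, issuer, client_id, now=None, max_age=120):
    """Check claims of a logout token whose signature was already verified.
    Returns (sub, sid); raises ValueError. max_age is an assumed freshness window."""
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    auds = [aud] if isinstance(aud, str) else (aud if isinstance(aud, list) else [])
    if client_id not in auds:
        raise ValueError("token not addressed to this client")
    iat = claims.get("iat")
    if not isinstance(iat, (int, float)) or abs(now - iat) > max_age:
        raise ValueError("missing or stale iat")
    events = claims.get("events")
    if not isinstance(events, dict) or LOGOUT_EVENT not in events:
        raise ValueError("not a back-channel logout event")
    if "nonce" in claims:
        raise ValueError("nonce is prohibited in logout tokens")
    sub, sid = claims.get("sub"), claims.get("sid")
    if not sub and not sid:
        raise ValueError("need sub and/or sid")
    return sub, sid

def end_sessions(sessions, sub, sid):
    """Drop local sessions matching sid, or all of the subject's when sid is absent.
    `sessions` maps local session id -> {"sub": ..., "sid": ...} (hypothetical store)."""
    doomed = [k for k, s in sessions.items()
              if (s["sid"] == sid if sid else s["sub"] == sub)]
    for k in doomed:
        del sessions[k]
    return doomed

# Constructed sample data; issuer and client id are the ones from the post.
ISSUER, CLIENT = "https://keycloak/realms/myrealm", "kafka-ui"
SAMPLE_CLAIMS = {"iss": ISSUER, "aud": CLIENT, "iat": 1700000000, "jti": "constructed-1",
                 "sub": "user-a", "sid": "kc-session-1", "events": {LOGOUT_EVENT: {}}}
SAMPLE_SESSIONS = {"local-1": {"sub": "user-a", "sid": "kc-session-1"},
                   "local-2": {"sub": "user-a", "sid": "kc-session-2"},
                   "local-3": {"sub": "user-b", "sid": "kc-session-3"}}

if __name__ == "__main__":
    sub, sid = validate_logout_claims(SAMPLE_CLAIMS, ISSUER, CLIENT, now=1700000030)
    print(end_sessions(dict(SAMPLE_SESSIONS), sub, sid))
```

Matching on `sid` only works if the application stored the `sid` claim from the ID token when the session was created at login.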