I'm not finding the "Valid post logout URIs" field

jvhk · October 18, 2022, 7:24pm

I’m using Keycloak 18.0.0 and I found an update on logout (https://www.keycloak.org/2022/04/keycloak-1800-released#_openid_connect_logout) where it is necessary to register a post logout redirect URI in the Valid post logout URIs field within the Keycloak interface. But this field is not appearing for me in the client settings.

What could be causing this?

xgp · October 18, 2022, 8:32pm

AFAIK it’s only available in the “new” admin console UI. For that, you have to go into Realm settings → Themes and switch the Admin theme to keycloak.v2.

jvhk · October 18, 2022, 8:45pm

It doesn’t seem to be available for version 18.0.0.

I did a local install and realized that in version 19.0.3 this theme is already by default. However, in the project I’m working on, we use version 18.0.0 and we’re having problems using logout with Redirect URIs, precisely because of the logout update of the release.

xgp · October 19, 2022, 6:26am

Good point. I don’t know of another way to do it other than to upgrade to 19.

mbonn · October 19, 2022, 7:28am

Keycloak 18 takes the configured valid login redirect URIs as valid post logout redirects. If that is ok for you, there’s no need to upgrade to the (buggy) 19 version with that (more buggy) new admin console…

jvhk · October 19, 2022, 5:11pm

@mbonn in this case should i continue using post_logout_redirect_uri or should i use redirect_uri as url pattern for $keycloak.logout() ?

jvhk · October 19, 2022, 5:48pm

i’ve tried using redirect URIs this way:

this.$keycloak.logout({ redirectUri: "myRedirectUriHere", id_token_hint: myIdTokenHere });

In this attempt I got an attempt to redirect to the correct route, but with a return message “Invalid redirect uri”.
If i pass:

this.$keycloak.logout({ post_logout_redirect_uri: "myRedirectUriHere", id_token_hint: myIdTokenHere });

the logout is sucessfully, but route redirection doesn’t work.

weltonrodrigo · October 19, 2022, 7:56pm

I confirmed that 18 don’t have a “valid post logout url” for the clients in the admin console. Not sure why. The redirect URI field should work.

Looking at the code, I think the javascript adapter should be used as

keycloak.logout({
    redirectUri: "myRedirectUriHere"
});

The ID Token should be handled automatically.

The adapter code has this snipped, which I belive shows that the redirectUri is used to build the post_logout_redirect_uri and the it_token_hint is filled automatically:

    kc.createLogoutUrl = function(options) {
        var url = kc.endpoints.logout()
            + '?client_id=' + encodeURIComponent(kc.clientId)
            + '&post_logout_redirect_uri=' + encodeURIComponent(adapter.redirectUri(options, false));

        if (kc.idToken) {
            url += '&id_token_hint=' + encodeURIComponent(kc.idToken);
        }

        return url;
    }

Topic		Replies	Views
Keycloak 18 and admin console logout Getting advice admin-console	0	816	May 26, 2022
Keycloak redirect URI logout Getting advice client-configuration	3	9786	June 16, 2023
Backchannel Logout URL parameter in Admin interface Getting advice	0	386	June 21, 2022
Logging out with OIDC, post_redirect_uri and client_id Configuring the server	2	10959	March 5, 2024
Unsupported redirect_uri parameter in the logout resource Getting advice oidc	0	765	November 15, 2021

I'm not finding the "Valid post logout URIs" field

Related Topics