I'm not finding the "Valid post logout URIs" field

jvhk · October 18, 2022, 7:24pm

I’m using Keycloak 18.0.0 and I found an update on logout (https://www.keycloak.org/2022/04/keycloak-1800-released#_openid_connect_logout) where it is necessary to register a post logout redirect URI in the Valid post logout URIs field within the Keycloak interface. But this field is not appearing for me in the client settings.

What could be causing this?

xgp · October 18, 2022, 8:32pm

AFAIK it’s only available in the “new” admin console UI. For that, you have to go into Realm settings → Themes and switch the Admin theme to keycloak.v2.

jvhk · October 18, 2022, 8:45pm

It doesn’t seem to be available for version 18.0.0.

I did a local install and realized that in version 19.0.3 this theme is already by default. However, in the project I’m working on, we use version 18.0.0 and we’re having problems using logout with Redirect URIs, precisely because of the logout update of the release.

xgp · October 19, 2022, 6:26am

Good point. I don’t know of another way to do it other than to upgrade to 19.

mbonn · October 19, 2022, 7:28am

Keycloak 18 takes the configured valid login redirect URIs as valid post logout redirects. If that is ok for you, there’s no need to upgrade to the (buggy) 19 version with that (more buggy) new admin console…

jvhk · October 19, 2022, 5:11pm

@mbonn in this case should i continue using post_logout_redirect_uri or should i use redirect_uri as url pattern for $keycloak.logout() ?

jvhk · October 19, 2022, 5:48pm

i’ve tried using redirect URIs this way:

this.$keycloak.logout({ redirectUri: "myRedirectUriHere", id_token_hint: myIdTokenHere });

In this attempt I got an attempt to redirect to the correct route, but with a return message “Invalid redirect uri”.
If i pass:

this.$keycloak.logout({ post_logout_redirect_uri: "myRedirectUriHere", id_token_hint: myIdTokenHere });

the logout is sucessfully, but route redirection doesn’t work.

weltonrodrigo · October 19, 2022, 7:56pm

I confirmed that 18 don’t have a “valid post logout url” for the clients in the admin console. Not sure why. The redirect URI field should work.

Looking at the code, I think the javascript adapter should be used as

keycloak.logout({
    redirectUri: "myRedirectUriHere"
});

The ID Token should be handled automatically.

The adapter code has this snipped, which I belive shows that the redirectUri is used to build the post_logout_redirect_uri and the it_token_hint is filled automatically:

    kc.createLogoutUrl = function(options) {
        var url = kc.endpoints.logout()
            + '?client_id=' + encodeURIComponent(kc.clientId)
            + '&post_logout_redirect_uri=' + encodeURIComponent(adapter.redirectUri(options, false));

        if (kc.idToken) {
            url += '&id_token_hint=' + encodeURIComponent(kc.idToken);
        }

        return url;
    }

Topic		Replies	Views
Keycloak 18 and admin console logout Getting advice admin-console	0	894	May 26, 2022
Keycloak redirect URI logout Getting advice client-configuration	3	11761	June 16, 2023
Trouble with configuring client Valid Redirect URIs Configuring the server	1	8220	January 24, 2022
Backchannel Logout URL parameter in Admin interface Getting advice	0	534	June 21, 2022
'Valid Redirect URIs' parameter in client configuration Getting advice	1	1423	January 21, 2021

I'm not finding the "Valid post logout URIs" field

Related topics