Invalid redirect uri but redirect uri are configured in client


I’m configuring a client for SSO in Google Workspace using Keycloak as IDP. Everything is working fine with the exception of logout. When I try to logout I receive the following error: “Invalid redirect uri”

Valid Redirect URIs are configured as requested by Google. Logout URL also: https://{KEYCLOAK}/auth/realms/{MY-REALM}/protocol/openid-connect/logout?redirect_uri=

Anyone knows what I can do?

Thanks and I’m sorry for the typos

Hi. Did u tried just to ask logout without redirect ?
Just like this :

Hi! Yes. It works normally.

Try URL encoded value (it is not clear from the question what executes that URL, so if URL is URL encoded), e.g.


It’s configured on Google using encoded URL.

I would recommend to Workspace read documentation - quick google and I believe it is this one: Service provider SSO setup - Google Workspace Admin Help

If I understand this doc correctly, then only SAML SSO protocol is supported by Google Workspace, so I don’t understand why you want to use OIDC logout Keycloak URL. Don’t mix OIDC/SAML Keycloak URLs.

Open your IDP metadata (e.g. /auth/realms/icone/protocol/saml/descriptor) and find SingleLogoutService. Used Location is the same as SingleSignOnService Location usually in the Keycloak case. So I bet these URLs must be the same:

Of course Google Workspace must initiate SAML logout properly.

I followed this tutorial by Google

When the URLs are the same, it’s not possible to initiate the logout. The error is as following:


(EN: We are sorry… Invalid request.)

That seems to be very crazy setup (or genius workaround, which may work only with certain Keycloak versions). I would contact Google support first to double check their documentation. Are you sure that you don’t have any OIDC keycloak session active - Keycloak may picking that OIDC session/client during OIDC logout.

Check Web Origins option on keycloak. Should be *

FYI, this “hack” by Google no longer seems to work in Keycloak 15.0.2. It fails with an “Invalid redirect_uri” error, even when the URI is set properly on both sides.

1 Like