Hi, I have a newly deployed 9.0.2 docker container with keycloak in. When I configure my application to use it, I cannot logout. I get an error in the console :
“Can’t finish SAML logout as there is no logout binding set. Please configure the logout service url in the admin console for your client applications.”
Which I have done, otherwise, it wouldn’t be getting back to keycloak!
The request :
method POST
url https://auth.site.com/auth/realms/care/protocol/saml
body <?xml version="1.0" encoding="UTF-8"?><saml2p:LogoutRequest xmlns:saml2p=“urn:oasis:names:tc:SAML:2.0:protocol”
Destination=“https://auth.site.com/auth/realms/care/protocol/saml” ID="_fa08ef61ab01a203eea85e4912515d9b" IssueInstant=“2020-04-06T19:09:40.000Z” Version=“2.0”><saml2:Issuer xmlns:saml2=“urn:oasis:names:tc:SAML:2.0:assertion”>https://jira.site.com/plugins/servlet/samlsso</saml2:Issuer><ds:Signature xmlns:ds=“http://www.w3.org/2000/09/xmldsig#”>
ds:SignedInfo …
Shows a 400 error in the browser.
Configuring the SAML app to point at an old Keycloak I happen to still have (4.8.3) and logout suddenly works, with almost exactly the same config. (obviously changed the name of the KC server and had to create a new client on it etc. but using the same exported XML from the application)
So, is logout broken in 9.0.2 or completely different in some way??
I think I had this working in mid March (on 9.0.0 or a late 8.x maybe) so it is possibly just a 9.0.1 or 2 issue.