[ https://issues.apache.org/jira/browse/NIFI-4889?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16544275#comment-16544275 ]

ASF GitHub Bot commented on NIFI-4889:
--------------------------------------

Github user Trojan295 commented on the issue:

    https://github.com/apache/nifi/pull/2830
  
    I added a fallback to simply redirect back to NiFi in case the end
    session endpoint isn't present.

    The tricky thing is that NiFi automatically starts a login attempt when
    an unauthenticated user accesses NiFi. In case of an IDP like Keycloak,
    which has the end session endpoint, after logout the user is redirected
    back to Keycloak's login page.

    In case of Google OpenID he gets redirected to them and the SSO
    mechanism logs the user in again...


> Logout not working properly with OIDC
> -------------------------------------
>
>                 Key: NIFI-4889
>                 URL: https://issues.apache.org/jira/browse/NIFI-4889
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core UI
>    Affects Versions: 1.5.0
>         Environment: Browser: Chrome / Firefox
> Configuration of NiFi:
> - SSL certificate for the server (no client auth)
> - OIDC configuration including end_session_endpoint (see the link 
> https://auth.s.orchestracities.com/auth/realms/default/.well-known/openid-configuration)
>            Reporter: Federico Michele Facca
>            Priority: Critical
>
> Click on logout; I would expect to log out and get redirected to the auth
> page. But given that the session is not closed on the OAuth provider, I get
> logged in again.
> I suppose the solution would be to invoke the end_session_endpoint provided
> in the OpenID discovery configuration.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
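
The logout decision discussed in this thread, as an added example that is not NiFi's code and not part of the original message: use `end_session_endpoint` from the discovery document when it is present, otherwise fall back to redirecting to the application and report that the provider session is still alive. The function name, host names and sample discovery documents are constructed; the query parameter names are those of OpenID Connect RP-Initiated Logout 1.0.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def logout_redirect(discovery, post_logout_uri, id_token=None, state=None):
    """Return (redirect_url, idp_session_ended) for use after the local session is cleared.

    discovery       -- parsed .well-known/openid-configuration document (dict)
    post_logout_uri -- where the browser should land afterwards (the application)
    id_token        -- ID token of the session being ended, sent as id_token_hint
    state           -- opaque value echoed back by the provider
    """
    endpoint = discovery.get("end_session_endpoint")
    if not isinstance(endpoint, str) or not endpoint:
        # Provider advertises no logout endpoint: only the local session ends.
        # The caller should land on a logged-out page instead of auto-starting
        # a new login, or the provider's SSO session signs the user back in.
        return post_logout_uri, False

    parts = urlsplit(endpoint)
    if parts.scheme != "https" or not parts.netloc:
        # Never send an ID token to a non-TLS or malformed endpoint.
        return post_logout_uri, False

    # Keep any query the provider put on the endpoint, then add our parameters.
    params = parse_qsl(parts.query, keep_blank_values=True)
    params.append(("post_logout_redirect_uri", post_logout_uri))
    if id_token:
        params.append(("id_token_hint", id_token))
    if state:
        params.append(("state", state))
    url = urlunsplit(parts._replace(query=urlencode(params), fragment=""))
    return url, True


# Constructed discovery documents (trimmed to the fields used here).
WITH_END_SESSION = {
    "issuer": "https://idp.example/realms/demo",
    "end_session_endpoint":
        "https://idp.example/realms/demo/protocol/openid-connect/logout",
}
WITHOUT_END_SESSION = {"issuer": "https://idp2.example"}

if __name__ == "__main__":
    app = "https://nifi.example:8443/nifi/"
    print(logout_redirect(WITH_END_SESSION, app, "aaa.bbb.ccc", "xyz"))
    print(logout_redirect(WITHOUT_END_SESSION, app))
```

When the second return value is `False`, the provider session has not been terminated, which is the case where an automatic login attempt silently re-authenticates the user.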
