[ https://issues.apache.org/jira/browse/NIFI-7584?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nathan Gough reassigned NIFI-7584: ---------------------------------- Assignee: Nathan Gough > LOG OUT button does not work when OpenID Connect is used for authentication > --------------------------------------------------------------------------- > > Key: NIFI-7584 > URL: https://issues.apache.org/jira/browse/NIFI-7584 > Project: Apache NiFi > Issue Type: Bug > Components: Core UI > Affects Versions: 1.11.4 > Environment: CentOS Linux 7 > Reporter: W Chang > Assignee: Nathan Gough > Priority: Critical > Labels: UI, bug, logout, oidc > > When nifi-1.11.4 is integrated with Okta OpenID Connect for authentication, > 'LOG OUT' button on the front page does not work. It does not log a user out > properly without redirecting to the Logout Redirect URL. > When the button is clicked, the following message is displayed on the browser > {code:java} > {"errorCode":"invalid_client","errorSummary":"Invalid value for 'client_id' > parameter.","errorLink":"invalid_client","errorId":"oae_YfJRUHCQe-BqYnPw6opFg","errorCauses":[]}{code} > The button makes a GET request to the following address. > [https://\{hostname}.okta.com/oauth2/v1/logout?post_logout_redirect_uri=https%3A%2F%2F\{nifi > server dns name}%3A\{port > number}%2Fnifi-api%2F..%2Fnifi|https://dev-309877.okta.com/oauth2/v1/logout?post_logout_redirect_uri=https%3A%2F%2Fplanet-dl-dev-1.mitre.org%3A9443%2Fnifi-api%2F..%2Fnifi] > According to Okta document > [https://developer.okta.com/blog/2020/03/27/spring-oidc-logout-options,] the > logout endpoint format should be as shown below: > {{[https://dev-123456.okta.com/oauth2/default/v1/logout?id_token_hint=]<id-token>&post_logout_redirect_uri=[http://localhost:8080/]}} > > {{And it seems that post_logout_redirect_uri should be "https://\{nifi > server dns name}:\{port number}/nifi-api/access/oidc/logout"}} > > > -- This message was sent by Atlassian Jira (v8.3.4#803005)