Verified Commit f6f4a5dc authored by Evangelos Foutras's avatar Evangelos Foutras 🐱
Browse files

keycloak: temporarily allow logout w/ redirect_uri

Keycloak 18.0.0 disallows this by default; enable the legacy behavior
temporarily. When this stops working, we should consider removing the
'redirect_uri' parameter entirely. Should also check if GitLab and/or
Grafafa have implemented support for alternative ways of signing out:

- https://gitlab.com/gitlab-org/gitlab/-/issues/14414
- https://github.com/grafana/grafana/issues/24643
parent d6a10825
......@@ -12,3 +12,7 @@ db=postgres
db-username={{ vault_keycloak_db_user }}
db-password={{ vault_keycloak_db_password }}
db-url=jdbc:postgresql://localhost/{{ keycloak_db_name }}
# temporarily re-enable calling the logout endpoint with a 'redirect_uri' param
# https://www.keycloak.org/2022/04/keycloak-1800-released#_openid_connect_logout
spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment