-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Logout with OIDC not working #8369
Comments
There is at least one other user experiencing this issue according to the slack thread:
|
This issue is stale because it has been open for 30 days with no activity. If you believe this is still an issue on the latest DataHub release please leave a comment with the version that you tested it with. If this is a question/discussion please head to https://slack.datahubproject.io. For feature requests please use https://feature-requests.datahubproject.io |
This is still an issue, and also confirmed by other people in the the slack thread. |
Tested on 0.10.4 |
The pull request did not fix the issue for me, has anyone tried it? By debugging I can see that it's in the right direction: The central logout logic is triggered (in For some reason the Maybe the this issue is related, but I enabled the @FirKys this PR worked for you? Do you have some special settings regarding sessions/cookies/...? |
This issue is stale because it has been open for 30 days with no activity. If you believe this is still an issue on the latest DataHub release please leave a comment with the version that you tested it with. If this is a question/discussion please head to https://slack.datahubproject.io. For feature requests please use https://feature-requests.datahubproject.io |
Still an issue, tested on 0.10.4 |
This issue is stale because it has been open for 30 days with no activity. If you believe this is still an issue on the latest DataHub release please leave a comment with the version that you tested it with. If this is a question/discussion please head to https://slack.datahubproject.io. For feature requests please use https://feature-requests.datahubproject.io |
Still no response, still an issue, please keep open |
I also have this issue in my deployment |
This issue is stale because it has been open for 30 days with no activity. If you believe this is still an issue on the latest DataHub release please leave a comment with the version that you tested it with. If this is a question/discussion please head to https://slack.datahubproject.io. For feature requests please use https://feature-requests.datahubproject.io |
still an issue, please keep open |
This issue is stale because it has been open for 30 days with no activity. If you believe this is still an issue on the latest DataHub release please leave a comment with the version that you tested it with. If this is a question/discussion please head to https://slack.datahubproject.io. For feature requests please use https://feature-requests.datahubproject.io |
Still an issue ; I'm still logged in even after logging out from the UI - tested on 0.12.1 |
I am seeing this issue on a datahub deployed on k8s with version 0.12.1 |
This issue is stale because it has been open for 30 days with no activity. If you believe this is still an issue on the latest DataHub release please leave a comment with the version that you tested it with. If this is a question/discussion please head to https://slack.datahubproject.io. For feature requests please use https://feature-requests.datahubproject.io |
Still an issue ; if you want any specific details about the setup/scenario don't hesitate to reach :) |
This issue is stale because it has been open for 30 days with no activity. If you believe this is still an issue on the latest DataHub release please leave a comment with the version that you tested it with. If this is a question/discussion please head to https://slack.datahubproject.io. For feature requests please use https://feature-requests.datahubproject.io |
This issue is stale because it has been open for 30 days with no activity. If you believe this is still an issue on the latest DataHub release please leave a comment with the version that you tested it with. If this is a question/discussion please head to https://slack.datahubproject.io. For feature requests please use https://feature-requests.datahubproject.io |
This issue was closed because it has been inactive for 30 days since being marked as stale. |
Still experiencing this issue - can we please re-open this? Thanks. |
@LucaDorinAnton - Can you confirm that the logout url is configured in your oidc provider? It should point to the login page |
@david-leifker Just to confirm, do you mean https://openid.net/specs/openid-connect-backchannel-1_0.html#BCRegistration |
From okta, the configuration is |
@david-leifker , It's been a while since I tried to debug this issue, so I don't remember very well. But I think datahub only clears the session, and doesn't call the logout endpoint of the Oidc Provider at all (See my original post and this comment). |
Similarly to @BramMeerten, we're also using KeyCloak and we allow any redirect URI. I tried inspecting the network traffic and I haven't seen DataHub attempting to use the |
I'm having this same issue in v0.13.3. I'm taken back to the landing page after I click the /logOut url. I can however logout in two steps - by accessing the "end_session_endpoint" url in my .well-known configuration and then the datahub /logOut url. |
I have also been through this issue in v0.14.0.2.
I skipped to open new session when oidc enabled, then the session will be redirect to "/login" at the final line. |
@minsql I've tried your solution but didn't work as expected in my case: the user was redirected to login page (as expected) but didn't invalidate his application access - if he goes to home page again, he will be logged. Then, I write some code and opened a PR to fix this. In a nutshel, now there's a piece of code that grabs the logout URL ( PR: #11388 Hope it helps. |
Describe the bug
I configured OIDC following the datahub guide and I disabled JAAS. I used keycloak as an identity provider.
Login works fine. When I try to logout I'm redirected to
https://<my-datahub>/login
*, but I'm nog logged out with my identity provider. So when I go back to datahub I'm automatically logged in again and can't switch accounts.*This is also weird because I get a username/password form (+ sso button), but I have disabled JAAS and can't login with username/password.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
I'm also logged out with my identity provider so I can switch accounts.
Desktop
Brave 1.52.129 Chromium: 114.0.5735.198 (Official Build)
Additional context
I suspect this pull request (play framework upgrade) has introduced the problem:
https://github.com/datahub-project/datahub/pull/6626/files#diff-7cbee1cea8c44e4aa618564185bfcffbb23b1dd42e83c2c8bb3f381cc9b77cf5
The CentralLogoutController calls the
setCentralLogout(true)
method of its parent (LogoutController
). This should make sure your also logged out with your identity provider.But on line 39 the
logout
method ofLogoutController
is no longer called. It seems it just clears the session and redirects to/login
The text was updated successfully, but these errors were encountered: