Spring: adapter-core logout uses Frontend URL from backend #10657
Unanswered
kernalex-exx
asked this question in
Q&A
Replies: 1 comment 2 replies
-
Hi @kernalex-exx, I stumbled upon the very same issue. Can you share your workaroung wrapping Nevertheless I am interested in a better solution as well. |
Beta Was this translation helpful? Give feedback.
2 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I am working on a legacy application using Spring, GWT and Keycloak. After a migration in new infrastructure we started to configure the Frontend URL in Keycloak and configuring the application with the internal URL:
It worked without any problems with both applications configured correctly. The redirection in the browser uses the frontendUrl, debgging shows that endpoints are called with the backendUrl.
But after activating a Network Policy which prohibits the application to call the frontendUrl directly I noticed that the logout/end_session_endpoint from .well-known/openid-configuration endpoint configures the frontendUrl. I understand why that is for frontend-only apps, but the logout from adapter-core does not work anymore, because frontendUrl is not reachable.
I tried to move the logout into the frontend, but than I would have to invalide tokens manually and introduce a big change. Instead I was able to wrap KeycloakDeployment and override getLogoutUrl().
But that does not feel like the right solution, but I am not sure in which direction to go from here.
Thank you!
Beta Was this translation helpful? Give feedback.
All reactions