Support multiple post.logout.redirect.uris #800

Closed
Tracked by #1178
andres32168 opened this issue Oct 17, 2022 · 3 comments

@andres32168

andres32168 commented Oct 17, 2022

Problem Statement

Currently it's not possible to add more than 1 post.logout.redirect.uri in the YAML config.

This is possible:
```yaml
clients:
  - clientId: my-client1
    protocol: openid-connect
    enabled: true
    name: my-client1
    description: n.a.
    bearerOnly: false
    publicClient: true
    standardFlowEnabled: true
    implicitFlowEnabled: false
    directAccessGrantsEnabled: false
    serviceAccountsEnabled: false
    attributes:
      pkce.code.challenge.method: S256
      use.refresh.tokens: true
      post.logout.redirect.uris: /URI1
```

This is not possible and will give an error

```
Cannot deserialize value of type java.lang.String from Array value (token JsonToken.START_ARRAY)
at [Source: UNKNOWN; byte offset: #UNKNOWN] (through reference chain: de.adorsys.keycloak.config.model.RealmImport["clients"]->java.util.ArrayList[6]->org.keycloak.representations.idm.ClientRepresentation["attributes"]->java.util.LinkedHashMap["post.logout.redirect.uris"])
```

```yaml
  - clientId: my-client1
    protocol: openid-connect
    enabled: true
    name: my-client1
    description: n.a.
    bearerOnly: false
    publicClient: true
    standardFlowEnabled: true
    implicitFlowEnabled: false
    directAccessGrantsEnabled: false
    serviceAccountsEnabled: false
    attributes:
      pkce.code.challenge.method: S256
      use.refresh.tokens: true
      post.logout.redirect.uris:
        - /URI1
        - /URI2
        - /URI3
```

Proposed Solution

No response

Environment

  • Keycloak Version: 19.0.0, 19.0.1
  • keycloak-config-cli Version: v5.3.0, v5.3.1
  • Java Version: 11

Additional information

It's possible to allow all configured redirect.uris with `+`, like:

```yaml
post.logout.redirect.uris: '+'
```

This is only a workaround because post.logout.redirect.uris and redirect.uris can be different.

Acceptance Criteria

  • As a user I'd like to add more than 1 post.logout.redirect.uris
@tbroyer
Contributor

tbroyer commented Oct 20, 2022

AFAIK, attributes are all strings. For multivalued attributes, values are simply separated by ##, so

post.logout.redirect.uris: "/URI1##/URI2##/URI3"

keycloak-config-cli format is (almost) the same as that of an export from Keycloak itself, where you can see this ## separator.
Or in the code, see:
https://github.com/keycloak/keycloak/blob/6efa45f93ee385ede866d66ebb0f6284abdb4f57/services/src/main/java/org/keycloak/protocol/oidc/AbstractClientConfigWrapper.java#L65-L69
and
https://github.com/keycloak/keycloak/blob/f49582cf63db5b83b399e43a1530b06b18edfad4/server-spi-private/src/main/java/org/keycloak/models/Constants.java#L109-L114

@thomasdarimont
Contributor

How about creating a PR with a doc snippet for https://github.com/adorsys/keycloak-config-cli/blob/main/docs/FEATURES.md ?

@Motouom
Collaborator

Motouom commented Nov 1, 2024

Hello @andres32168.

You are getting the error because you are importing the post.logout.redirect.uris in the wrong way.
To do so in the right way, you can refer to this part of the code to see how it is done.

What it says is that you need to use ## to add multiple values into a single string, like on the post.logout.redirect.uris.

Here are the steps on how to go about it:

  1. Open the import
  2. On your attributes where you want to add multiple post.logout.redirect.uris, you need to go as such:

     ```json
     "attributes": {
       "post.logout.redirect.uris": "https://app1.example.com/logout##https://app2.example.com/logout##https://app3.example.com/logout"
     },
     ```

Or get a sample config file to test:

```json
{
  "realm": "your-realm",
  "clients": [
    {
      "clientId": "your-client-id",
      "enabled": true,
      "redirectUris": [
        "https://app1.example.com/callback",
        "https://app2.example.com/callback",
        "https://app3.example.com/callback"
      ],
      "webOrigins": [
        "https://app1.example.com",
        "https://app2.example.com",
        "https://app3.example.com"
      ],
      "attributes": {
        "post.logout.redirect.uris": "https://app1.example.com/logout##https://app2.example.com/logout##https://app3.example.com/logout"
      },
      "protocol": "openid-connect",
      "publicClient": false,
      "standardFlowEnabled": true,
      "implicitFlowEnabled": false,
      "directAccessGrantsEnabled": true,
      "serviceAccountsEnabled": false,
      "authorizationServicesEnabled": false,
      "fullScopeAllowed": true
    }
  ]
}
```

Once you load it, this is what you should see on your UI.
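The `##` convention from this thread can be applied as a pre-processing step before an import. The following is an added example, not code from keycloak-config-cli or Keycloak: it joins list-valued client attributes into one `##`-separated string and reports clients that use the `+` shortcut mentioned in the issue. The function names and the sample realm are hypothetical.

```python
import copy
import json

SEPARATOR = "##"  # multivalued-attribute separator named in the thread
POST_LOGOUT = "post.logout.redirect.uris"

def normalize_attributes(realm):
    """Return a copy of a realm import in which list-valued client
    attributes are joined into one '##'-separated string."""
    out = copy.deepcopy(realm)
    for client in out.get("clients", []):
        attrs = client.get("attributes") or {}
        for key, value in list(attrs.items()):
            if not isinstance(value, list):
                continue
            for item in value:
                if not isinstance(item, str) or not item:
                    raise ValueError(f"{client.get('clientId')}: {key} has a non-string or empty entry")
                if SEPARATOR in item:
                    # An entry containing '##' would be split into two entries.
                    raise ValueError(f"{client.get('clientId')}: {key} entry contains '{SEPARATOR}'")
            attrs[key] = SEPARATOR.join(value)
    return out

def post_logout_uris(client):
    """Split the stored string back into the individual allowlist entries.
    Expects a client that has already been normalized."""
    raw = (client.get("attributes") or {}).get(POST_LOGOUT, "")
    return [u for u in raw.split(SEPARATOR) if u]

def clients_inheriting_redirect_uris(realm):
    """Client IDs whose post-logout list contains the '+' shortcut."""
    return [c.get("clientId") for c in realm.get("clients", [])
            if "+" in post_logout_uris(c)]

# Constructed sample input (hypothetical realm and client names).
SAMPLE = {
    "realm": "example-realm",
    "clients": [
        {"clientId": "my-client1",
         "attributes": {"pkce.code.challenge.method": "S256",
                        POST_LOGOUT: ["/URI1", "/URI2", "/URI3"]}},
        {"clientId": "my-client2", "attributes": {POST_LOGOUT: "+"}},
    ],
}

if __name__ == "__main__":
    fixed = normalize_attributes(SAMPLE)
    print(json.dumps(fixed, indent=2))
    print("inherit redirect URIs:", clients_inheriting_redirect_uris(fixed))
```

Reviewing the `+` clients separately is useful because, as the issue notes, the post-logout list and the redirect list can legitimately differ.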