Logout via Spring Cloud Gateway does not work with Spring Security, OIDC and Keycloak

Time:02-25

I'm running a Spring Cloud Gateway which handles the OAuth2 authentication with Keycloak. The login part from a single page application (SPA) works fine, but now I have trouble with the logout.

Here's what I have in mind:

  1. SPA sends a POST to /logout on the gateway.
  2. Gateway invalidates the session and its SESSION cookie.
  3. Gateway contacts Keycloak's end_session_endpoint, i.e. http://localhost:8080/auth/realms/demo/protocol/openid-connect/logout.
  4. User gets redirected to the SPA.

This is my current security configuration with Webflux. The code is based on the examples and information mentioned here:

  • Keycloak cookies in browser

CodePudding user response:

Perhaps you are doing an ajax post rather than a form post? The server can't redirect your browser to Keycloak on an ajax call.
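
The form post suggested in the answer above, as an added example that is not part of the original thread: a fetch/XHR follows the gateway's redirect inside the request and never navigates the page, whereas a submitted HTML form lets the browser follow it to Keycloak as a top-level navigation. The function names are hypothetical, and the example assumes the gateway uses Spring Security's cookie-based CSRF repository (cookie `XSRF-TOKEN`, form parameter `_csrf`) and accepts the raw cookie value as the token.

```javascript
// Added example: full-page form logout for an SPA behind the gateway.
// Assumptions (not from the original post): cookie-based CSRF repository,
// cookie name XSRF-TOKEN, form parameter _csrf, raw token accepted.

const LOGOUT_PATH = '/logout'; // gateway logout endpoint named in the question

// Extract the CSRF token from a document.cookie-style string; null if absent.
function readCsrfToken(cookieString, name = 'XSRF-TOKEN') {
  for (const part of (cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Build and submit a real HTML form so the browser itself performs the POST
// and follows the gateway's redirect as a top-level navigation.
function submitLogoutForm(doc, csrfToken) {
  if (!csrfToken) {
    // Without a token the gateway would reject the POST; fail loudly instead.
    throw new Error('no CSRF token available; not sending logout');
  }
  const form = doc.createElement('form');
  form.method = 'POST';
  form.action = LOGOUT_PATH; // same-origin relative path, never user-supplied
  const field = doc.createElement('input');
  field.type = 'hidden';
  field.name = '_csrf';
  field.value = csrfToken;
  form.appendChild(field);
  doc.body.appendChild(form);
  form.submit();
  return form;
}

// In the SPA: submitLogoutForm(document, readCsrfToken(document.cookie));
```
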
