Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Synapse doesn't log out from keycloak when logout from server #18106

Open
kachi-app opened this issue Jan 23, 2025 · 0 comments
Open

Synapse doesn't log out from keycloak when logout from server #18106

kachi-app opened this issue Jan 23, 2025 · 0 comments

Comments

@kachi-app
Copy link

Description

When I click on Logout button from my web apps, the sessions got cleared from synapse server, however not from Idp ( Keycloak ). I checked in to keycloak, and the sessions still exists in the client realms.
What I expected: When I logout from Synapse, Sessions in Keycloak got cleared / removed.

Steps to reproduce

  • Install and setup Keycloak version 26.0.7
  • Install Synapse Version 1.122.0
  • Implement the logout button

Homeserver

GKE Internal

Synapse Version

{"server_version":"1.122.0"}

Installation Method

Docker (matrixdotorg/synapse)

Database

PostgreSQL 15.4.0

Workers

Single process

Platform

Run in GKE, using ananace helm charts https://artifacthub.io/packages/helm/ananace-charts/matrix-synapse

Configuration


      oidc_providers:
        - idp_id: keycloak
          idp_name: "chi-space"
          issuer: "https://example.com/realms/synapse"
          client_id: "synapse"
          client_secret: "xxxx"
          scopes: [ "openid", "profile" ]
          user_mapping_provider:
            config:
              localpart_template: "{{ user.preferred_username }}"
              display_name_template: "{{ user.name }}"
          backchannel_logout_enabled: true # Optional
          backchannel_logout_ignore_sub: true

Relevant log output

{"log":"10.164.0.55 - 8008 - {@testinguserfe:example.com} Processed request: 0.139sec/0.003sec (0.010sec, 0.003sec) (0.014sec/0.071sec/9) 2B 200 \"POST /_matrix/client/v3/logout HTTP/1.1\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.33 Safari/537.36\" [0 dbevts]","namespace":"synapse.access.http.8008","level":"INFO","time":1737628567.36,"request":"POST-240","ip_address":"10.164.0.55","site_tag":"8008","requester":"@testinguserfe:example.com","authenticated_entity":"@testinguserfe:example.com","method":"POST","url":"/_matrix/client/v3/logout","protocol":"HTTP/1.1","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.33 Safari/537.36","server_name":"example.com"}


In the keycloak with Log Level Debug, there are no logs indicate that `logout` was called

Anything else that would be useful to know?

Related Issues:
#14783

As I don't know is the collaborator / maintainer will notice the issues, So i created a new issues here.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kachi-app