Bug 1386529 - Logout URL (logoutURL) cannot be set for each multiple authentication providers
Summary: Logout URL (logoutURL) cannot be set for each multiple authentication providers
Keywords:
Status: CLOSED DEFERRED
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: RFE
Version: 3.2.0
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
: ---
Assignee: Jordan Liggitt
QA Contact: Chuan Yu
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-10-19 08:20 UTC by Kenjiro Nakayama
Modified: 2019-12-16 07:09 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-03-12 13:54:36 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Kenjiro Nakayama 2016-10-19 08:20:22 UTC
Description of problem:
===
- Logout URL (logoutURL) is not set for each of multiple authentication providers

Version-Release number of selected component (if applicable):
===
- OCP 3.3 (Hopefully, backport to 3.2)

How reproducible:
===
Steps to Reproduce:
1. Set up multiple authentication providers
2. OpenID needs this logoutURL:
  ~~~
  assetConfig:
    ...
    logoutURL: "https://$YOUR_KEYCLOAK_SERVER/auth/realms/$YOUR_REALM/protocol/openid-connect/logout?redirect_uri=https://$YOUR_OPENSHIFT_SERVER/console"
  ~~~
  - However, another authentication providers doenn't want to redirect this URL.

Expected results:
===
- "logoutURL" can be set for each authentication providers.

Info
===
- Doc of logoutURL
https://docs.openshift.com/container-platform/3.3/install_config/web_console_customization.html#changing-the-logout-url

Comment 1 Jordan Liggitt 2016-10-19 14:50:50 UTC
Correct, only a single remote logout URL is currently supported. Integrating with multiple possible logout URLs (different per session based on authentication provider) would be a new feature.

Comment 5 Jordan Liggitt 2016-10-27 04:42:04 UTC
tracked in https://trello.com/c/N1S5e73M

Comment 6 Simo Sorce 2017-12-13 17:00:13 UTC
We'd like to solve this problem by deferring to an external IdP like Keycloak. Is that an acceptable solution ?
If not, why not ?

Comment 7 Kenjiro Nakayama 2018-01-05 00:57:12 UTC
Hi, I'm sorry for my delay. The original requested customer already closed the ticket and I believe that it is not critical their env anymore. Then, when I have consider about c#6, it would be alright if the final goal (setting logout URL for each auth provides) could be achieved by using an external IDP.

Comment 9 Eric Rich 2018-03-12 13:54:36 UTC
This bug has been identified as a dated (created more than 3 months ago) bug. 
This bug has been triaged (has a trello card linked to it), or reviewed by Engineering/PM and has been put into the product backlog, 
however this bug has not been slated for a currently planned release (3.9, 3.10 or 3.11), which cover our releases for the rest of the calendar year. 

As a result of this bugs age, state on the current roadmap and PM Score (being below 70), this bug is being Closed - Differed, 
as it is currently not part of the products immediate priorities.

Please see: https://docs.google.com/document/d/1zdqF4rB3ea8GmVIZ7qWCVYUaQ7-EexUrQEF0MTwdDkw/edit for more details.


Note You need to log in before you can comment on or make changes to this bug.