[NIFI-7584] LOG OUT button does not work when OpenID Connect is used for authentication - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 1.11.4, 1.12.1
Fix Version/s: 1.13.0
Component/s: Core UI
Labels:
- UI
- bug
- logout
- oidc
Environment:
CentOS Linux 7

Description

When nifi-1.11.4 is integrated with Okta OpenID Connect for authentication, 'LOG OUT' button on the front page does not work. It does not log a user out properly without redirecting to the Logout Redirect URL.

When the button is clicked, the following message is displayed on the browser

{"errorCode":"invalid_client","errorSummary":"Invalid value for 'client_id' parameter.","errorLink":"invalid_client","errorId":"oae_YfJRUHCQe-BqYnPw6opFg","errorCauses":[]}

The button makes a GET request to the following address.

https://{hostname}.okta.com/oauth2/v1/logout?post_logout_redirect_uri=https%3A%2F%2F{nifi server dns name}%3A{port number}%2Fnifi-api%2F..%2Fnifi

According to Okta document https://developer.okta.com/blog/2020/03/27/spring-oidc-logout-options, the logout endpoint format should be as shown below:

https://dev-123456.okta.com/oauth2/default/v1/logout?id_token_hint=<id-token>&post_logout_redirect_uri=http://localhost:8080/

And it seems that post_logout_redirect_uri should be "https://{nifi server dns name}:{port number}/nifi-api/access/oidc/logout"

Attachments

Issue Links

links to

GitHub Pull Request #4582

GitHub Pull Request #4593

Sub-Tasks

1.

Create a Logout page for OIDC

Resolved

Margot Tien

100%

Original Estimate - Not Specified

Original Estimate - Not Specified

Time Spent - 1h

Activity

People

Assignee:: Margot Tien

Reporter:: W Chang

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 25/Jun/20 22:39

Updated:: 29/Jan/21 22:07

Resolved:: 27/Oct/20 21:47

Time Tracking

Estimated:

Not Specified

Remaining:

0h

Logged:

6h 20m

Include sub-tasks