From c8ca0462a4e5dd09aac08da9b65328ebae2f5766 Mon Sep 17 00:00:00 2001
From: mposolda
Date: Thu, 3 Oct 2024 12:20:57 +0200
Subject: [PATCH] Prevent multiple logout confirmation actions
closes #32435
Signed-off-by: mposolda
---
 .../org/keycloak/protocol/oidc/endpoints/LogoutEndpoint.java | 2 +-
 themes/src/main/resources/theme/base/login/logout-confirm.ftl | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LogoutEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LogoutEndpoint.java
index 721461516e..b0eadc6649 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LogoutEndpoint.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LogoutEndpoint.java
@@ -339,7 +339,7 @@ public class LogoutEndpoint {
 SessionCodeChecks checks = new LogoutSessionCodeChecks(realm, session.getContext().getUri(), request, clientConnection, session, event, code, clientId, tabId);
 checks.initialVerify();
- if (!checks.verifyActiveAndValidAction(AuthenticationSessionModel.Action.LOGGING_OUT.name(), ClientSessionCode.ActionType.USER) || !checks.isActionRequest() || !formData.containsKey("confirmLogout")) {
+ if (!checks.verifyActiveAndValidAction(AuthenticationSessionModel.Action.LOGGING_OUT.name(), ClientSessionCode.ActionType.USER) || !checks.isActionRequest()) {
 AuthenticationSessionModel logoutSession = checks.getAuthenticationSession();
 String errorMessage = "Failed verification during logout.";
 logger.debugf( "%s logoutSessionId=%s, clientId=%s, tabId=%s",
diff --git a/themes/src/main/resources/theme/base/login/logout-confirm.ftl b/themes/src/main/resources/theme/base/login/logout-confirm.ftl
index 6c0b4e97b6..2ac4c7717c 100644
--- a/themes/src/main/resources/theme/base/login/logout-confirm.ftl
+++ b/themes/src/main/resources/theme/base/login/logout-confirm.ftl
@@ -6,7 +6,7 @@
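Review bot: The rewritten `if` condition in LogoutEndpoint.java now treats any request that passes `verifyActiveAndValidAction(...)` and `isActionRequest()` as a confirmed logout, and nothing in the hunk says why the explicit `confirmLogout` form field is no longer required. The field was only a presence check and never a secret, so the session code remains the real anti-forgery guard. It is still worth confirming that `isActionRequest()` rejects a request that merely carries a valid code and tab id without a form submission, since the hunk does not show what that method enforces. I would document the intent above the condition, for example `// The logout session code and action-request checks are the only confirmation guard; the "confirmLogout" form field is intentionally not required.` A test that submits the confirmation twice with the same code would pin down that the second request fails verification on the server, which the visible change does not itself enforce. The enclosing method starts and ends outside the hunk.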

${msg("logoutConfirmHeader")}

-
+