06bc4af50e
* Remove WildFly distribution from documentation Closes #1665 * Update server_admin/topics/authentication/webauthn.adoc Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> * Update upgrading/topics/install_new_version.adoc Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> * Update upgrading/topics/migrate_db.adoc Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> * Update upgrading/topics/migrate_db.adoc Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> * Update server_admin/topics/realms/ssl.adoc * Update server_admin/topics/user-federation/ldap.adoc Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> * Update server_development/topics/providers.adoc Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> * Update server_development/topics/providers.adoc Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> * Remove section on cilent cert lookup in x509.adoc * Update securing_apps/topics/oidc/fapi-support.adoc Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> * Add missing images for rh-sso images by moving to shared images as we won't have RH-SSO specific theme anymore Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
14 lines
No EOL
1.3 KiB
Text
14 lines
No EOL
1.3 KiB
Text
= OpenID Connect Logout Prompt
|
|
At Keycloak 18.0.0, the logout is now compatible with the new OIDC specification, which changed the handling for the url parameters. However, to also remain compatible with earlier versions, a compatibility flag is introduced. See the link:{upgradingguide_link}#openid-connect-logout[{upgradingguide_name}] for further information for the backwards compatibility option, which allows your application to still use the old format for the url parameters.
|
|
|
|
While the url parameters can now be configured to be compatible, there was still one incompatibility with keycloak 17 and earlier releases. If the user does not provide an valid `idTokenHint`, a logout prompt appears instead of a successful logout redirect. Therefore, a new compatibility flag `suppress-logout-confirmation-screen` is introduced to suppress the logout screen.
|
|
|
|
You can enable this parameter when you start the server by entering the following command:
|
|
|
|
```
|
|
bin/kc.[sh|bat] --spi-login-protocol-openid-connect-suppress-logout-confirmation-screen=true start
|
|
```
|
|
|
|
With this configuration, you can still use the logout endpoint without a user prompt.
|
|
|
|
WARNING: The backwards compatibility switch will be removed in some future version - probably Keycloak 23. You are encouraged to update your clients as soon as possible as described above rather than rely on this switch. |