Bug 57475 – OIDC logout: missing id_token_hint

Bug 57475 - OIDC logout: missing id_token_hint


Summary:	OIDC logout: missing id_token_hint

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	OpenID Connect
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 5.0-8-errata
Assigned To:	Christian Castens
QA Contact:	Dirk Wiesenthal

URL:	https://git.knut.univention.de/univen...
Keywords:

Duplicates:	57507 (view as bug list)
Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2024-07-30 12:52 CEST by Tim Breidenbach
Modified:	2024-08-21 15:34 CEST (History)
CC List:	4 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	2: Improvement: Would be a product improvement
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.023
Enterprise Customer affected?:	Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tim Breidenbach

2024-07-30 12:52:19 CEST

UCS: 5.0-8 errata1088

If you configure the umc to use oidc and click on "logout" you will see another popup (from the Keycloak) asking to logout. If you confirm you are logged out.


My first search found a configuration option which should be given to the idp (and we do not send this).

I assume "id_token_hint" is missing.

Comment 2 Felix Botner

2024-08-07 10:25:21 CEST

*** Bug 57507 has been marked as a duplicate of this bug. ***

Comment 3 Christian Castens

2024-08-15 10:13:50 CEST

`id_token_hint` is now used during logout. The additional Keycloak logout dialog does not show up anymore.

UCS 5.0-8
univention-management-console.yaml
a24c56208c1e | Bug #57475: yaml

univention-management-console (12.0.34-5)
dc46bfdffbf3 | Bug #57475: add oidc-id-token hint to disable logout confirmation dialog

ucs-test (10.0.22-55)
dc46bfdffbf3 | Bug #57475: add oidc-id-token hint to disable logout confirmation dialog

UCS 5.2
univention-management-console (14.0.26)
eadd0949bcfc | Bug #57475: add oidc-id-token hint to disable logout confirmation dialog

ucs-test (12.0.143)
eadd0949bcfc | Bug #57475: add oidc-id-token hint to disable logout confirmation dialog

Comment 4 Dirk Wiesenthal

2024-08-20 15:28:30 CEST

Tests: OK
YAML: OK
Code change: OK

Comment 5 Dirk Wiesenthal

2024-08-21 15:34:57 CEST

<https://errata.software-univention.de/#/?erratum=5.0x1104>