Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-61649

Cannot logout Openshift console when configure gitlab external oidc as provider for the cluster

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • 4.20.0
    • Management Console
    • None
    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • Important
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Description of problem:

      Login  openshift console with gitlab external oidc as provider, after click "Log out" in console, cannot logout, still stay in openshift console page.

      Version-Release number of selected component (if applicable):

          v4.20

      How reproducible:

          Always

      Steps to Reproduce:

          1.Configure gitlab external oidc as provider 
  spec:
    oauthMetadata:
      name: ""
    oidcProviders:
    - claimMappings:
        groups:
          claim: groups
          prefix: 'oidc-groups-test:'
        username:
          claim: email
          prefix:
            prefixString: 'oidc-user-test:'
          prefixPolicy: Prefix
      issuer:
        audiences:
        - <CLIENT_ID>
        issuerURL: https://gitlab.com
      name: gitlab-oidc
      oidcClients:
      - clientID: <CLIENT_ID>
        clientSecret:
          name: <GITLAB-SECRET>
        componentName: console
        componentNamespace: openshift-console
        extraScopes:
        - email
        - profile
    serviceAccountIssuer: ""
    type: OIDC

      2. Login Openshift console, it logins succeed
      3. Then logout console, cannot log out, still in Openshift console page, see video https://drive.google.com/file/d/1G773CUWDYYy6-Ici0yAnACGEDupdwShL/view?usp=drive_link .

          Actual results:{code:none}
    Cannot logout from Openshift console like other providers as in "Additional info"

      Expected results:

          Should logout successfully.

   Or provide reasonable UX message to user instead of misleadingly unable to log out.

      Additional info:

      The issue is not seen with other providers like Keycloak / Ping Identity; clicking "Log out" directly redirects us to the provider logout page to be able to log out.

              rh-ee-leoli Leo Li
              rhn-support-wewang Wen Wang
              None
              None
              Wen Wang Wen Wang
              None
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: