
Logout not working after removing Identity Provider of user #31724

@karlokoloda

Before reporting an issue

  • I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

identity-brokering

Describe the bug

If an identity provider gets deleted while a user is logged in via that IdP, logout for the user fails.
Tested with 24.0.5 and 25.0.2.

Keycloak logs show error:
ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-1135) Uncaught server error: org.keycloak.broker.provider.IdentityBrokerException: Identity Provider [testalias] not found.
    at org.keycloak.services.resources.IdentityBrokerService.getIdentityProvider(IdentityBrokerService.java:1261)
    at org.keycloak.services.managers.AuthenticationManager.browserLogout(AuthenticationManager.java:654)
    at org.keycloak.protocol.oidc.endpoints.LogoutEndpoint.initiateBrowserLogout(LogoutEndpoint.java:760)
    at org.keycloak.protocol.oidc.endpoints.LogoutEndpoint.doBrowserLogout(LogoutEndpoint.java:455)
    at org.keycloak.protocol.oidc.endpoints.LogoutEndpoint.logout(LogoutEndpoint.java:316)
    at org.keycloak.protocol.oidc.endpoints.LogoutEndpoint$quarkusrestinvoker$logout_848e83dc4b7fe387aba74b0a2d28d9aed65d040d.invoke(Unknown Source)
    at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
    at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
    at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147)
    at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:582)
    at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
    at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
    at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
    at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.base/java.lang.Thread.run(Thread.java:840)

Version

24.0.5

Regression

  • The issue is a regression

Expected behavior

Either log out the users before the IdP is removed or allow logout even if the IdP is missing.

Actual behavior

Logout for the user fails. (The session cannot be logged out even via the Admin UI.)

How to Reproduce?

  1. Add an identity provider to Keycloak
  2. Log in to an account federated by that IdP
  3. While logged in, remove the IdP via Admin UI or API
  4. Try to log out the user either via account, your app or via Admin UI

Anything else?

No response
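
As an added example (not part of the original report and not Keycloak code), a log scan for the failure reported above: it counts, per IdP alias, errors where the missing-IdP exception was raised on the browser logout path, so sessions that can no longer be terminated are noticed. The sample log is constructed from the trace in the report, and the function names are this example's own.

```python
import re
from collections import Counter

# Exception message and logout frame, both taken from the trace in the report.
MISSING_IDP = re.compile(
    r"IdentityBrokerException: Identity Provider \[([^\]]+)\] not found")
LOGOUT_FRAME = "org.keycloak.services.managers.AuthenticationManager.browserLogout("

def records(lines):
    """Join indented 'at ...' stack frames onto the log line they belong to."""
    current = []
    for line in lines:
        if current and line[:1].isspace() and line.lstrip().startswith("at "):
            current.append(line.strip())
        else:
            if current:
                yield " ".join(current)
            current = [line.strip()]
    if current:
        yield " ".join(current)

def failed_logouts(lines):
    """Count failed logouts per missing IdP alias (logout path only)."""
    hits = Counter()
    for rec in records(lines):
        match = MISSING_IDP.search(rec)
        if match and LOGOUT_FRAME in rec:
            hits[match.group(1)] += 1
    return hits

# Constructed sample: one run-together trace, one multi-line trace, one
# missing-IdP error outside the logout path, and one unrelated line.
SAMPLE_LOG = """\
ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-1) Uncaught server error: org.keycloak.broker.provider.IdentityBrokerException: Identity Provider [testalias] not found. at org.keycloak.services.resources.IdentityBrokerService.getIdentityProvider(IdentityBrokerService.java:1261) at org.keycloak.services.managers.AuthenticationManager.browserLogout(AuthenticationManager.java:654)
INFO  [constructed.example] (main) unrelated line
ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-2) Uncaught server error: org.keycloak.broker.provider.IdentityBrokerException: Identity Provider [testalias] not found.
    at org.keycloak.services.resources.IdentityBrokerService.getIdentityProvider(IdentityBrokerService.java:1261)
    at org.keycloak.services.managers.AuthenticationManager.browserLogout(AuthenticationManager.java:654)
ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-3) Uncaught server error: org.keycloak.broker.provider.IdentityBrokerException: Identity Provider [otheralias] not found.
    at org.keycloak.services.resources.IdentityBrokerService.getIdentityProvider(IdentityBrokerService.java:1261)
""".splitlines()

if __name__ == "__main__":
    for alias, count in failed_logouts(SAMPLE_LOG).items():
        print(f"{count} failed logout(s) for removed IdP '{alias}'")
```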
