misp icon indicating copy to clipboard operation
misp copied to clipboard
verified publisher icon NUKIB

OIDC Logout URL

Open joeftiger opened this issue 10 months ago • 1 comments

Hello everyone

I am evaluating dockerized MISP for the past few weeks in conjunction with Keycloak for OIDC. Using MISP/misp-docker I have been able to provide a logout url for OIDC using their OIDC_LOGOUT_URL environment variable for successful logout and redirect to login page. Their script part In my case I used something along

OIDC_LOGOUT_URL=https://..../realms/{myrealm}/protocol/openid-connect/logout?client_id={myclient}

(Keycloak is unhappy if not specifying the client_id)

I noticed that for your docker image it is currently hardcoded inside the config.php template. After clicking Logout in MISP I end up with 400 error on a Keycloak page:

Image

Clicking Back to Application then leads me to the original Keycloak login webpage for MISP.

And as mentioned in your OIDC docs - Caveats the user is still logged into Keycloak.

May I suggest to provide a new environment variable like OIDC_LOGOUT_URL to allow overriding the current setting? This would improve OIDC interaction and provide true logout capability for it.

Kind regards

joeftiger avatar Apr 01 '25 13:04 joeftiger