Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot logout user account on che dashboard #23157

Open
huonguyenlt opened this issue Sep 19, 2024 · 6 comments
Open

Cannot logout user account on che dashboard #23157

huonguyenlt opened this issue Sep 19, 2024 · 6 comments
Labels
area/che-operator Issues and PRs related to Eclipse Che Kubernetes Operator area/dashboard kind/question Questions that haven't been identified as being feature requests or bugs. severity/P1 Has a major impact to usage or development of the system. team/A This team is responsible for the Che Operator and all its operands as well as chectl and Hosted Che

Comments

@huonguyenlt
Copy link

huonguyenlt commented Sep 19, 2024
edited
Loading

Summary

When logging out using the Logout button on che dashboard, it logs out and logs in immediately.
image

I use keycloak as oidc provider.
Not sure if i missconfig anything in keycloak or che.

Relevant information

This is log after I logout

10.192.76.39:48736 - acb84c09c2b4a8487d0126c0e22e1fa3 - [email protected] [2024/09/20 08:34:11] [AuthSuccess] Authenticated via OAuth2: Session{email:[email protected] user:f6d09018-f217-4fa4-9302-9d8a11d0d63f PreferredUsername:che-user token:true id_token:true created:2024-09-20 08:34:11.151334944 +0000 UTC m=+1017.964253406 expires:2024-09-20 08:39:11.14600942 +0000 UTC m=+1317.958927893 refresh_token:true}
10.192.76.39:48736 - a521a75fd7d4b2cdfeb40b70fa944786 - [email protected] [2024/09/20 08:34:11] che.stengg-devcheworkspaces.com GET / "/dashboard/" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Edg/128.0.0.0" 200 964 0.005

My gateway configuration

ateway:
        deployment:
          containers:
            - name: oauth-proxy
              env: 
                - name: OAUTH2_PROXY_COOKIE_CSRF_PER_REQUEST
                  value: "true"
        oAuthProxy:
          cookieExpireSeconds: 300
Media1.mp4

che version 7.89
oidc: keycloak
kubernetes: AWS EKS
@huonguyenlt huonguyenlt added the kind/question Questions that haven't been identified as being feature requests or bugs. label Sep 19, 2024
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Sep 19, 2024
@svor
Copy link
Contributor

svor commented Sep 19, 2024

@tolusha could you take a look please

@svor svor removed the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Sep 19, 2024
@huonguyenlt
Copy link
Author

This is log after I logout, it login imediately

10.192.76.39:48736 - acb84c09c2b4a8487d0126c0e22e1fa3 - [email protected] [2024/09/20 08:34:11] [AuthSuccess] Authenticated via OAuth2: Session{email:[email protected] user:f6d09018-f217-4fa4-9302-9d8a11d0d63f PreferredUsername:che-user token:true id_token:true created:2024-09-20 08:34:11.151334944 +0000 UTC m=+1017.964253406 expires:2024-09-20 08:39:11.14600942 +0000 UTC m=+1317.958927893 refresh_token:true}
10.192.76.39:48736 - a521a75fd7d4b2cdfeb40b70fa944786 - [email protected] [2024/09/20 08:34:11] che.stengg-devcheworkspaces.com GET / "/dashboard/" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Edg/128.0.0.0" 200 964 0.005

@tolusha
Copy link
Contributor

tolusha commented Sep 20, 2024

Hello.
I am currently investigating the issue

@huonguyenlt
Copy link
Author

Upload video

Media1.mp4

@tolusha
Copy link
Contributor

tolusha commented Sep 20, 2024

@olexii4 @akurinnoy
When user clicks logout, then dashboard simply redirects request to /oauth/sign_out
It is not enough accordingly OAuth2 proxy documentation [2] and automatic log-in might happen, so we need to add redirect URL. In case of keycloak it will be https://<keyckoak_domain>/realms/che/protocol/openid-connect/logout

[1] https://github.com/eclipse-che/che-dashboard/blob/main/packages/dashboard-frontend/src/services/helpers/login.ts#L18
[2] https://oauth2-proxy.github.io/oauth2-proxy/features/endpoints/#sign-out

@tolusha
Copy link
Contributor

tolusha commented Sep 20, 2024

Some discussion how not show logout confirmation window

keycloak/keycloak#12183

@tolusha tolusha added severity/P1 Has a major impact to usage or development of the system. team/A This team is responsible for the Che Operator and all its operands as well as chectl and Hosted Che area/che-operator Issues and PRs related to Eclipse Che Kubernetes Operator area/dashboard labels Sep 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/che-operator Issues and PRs related to Eclipse Che Kubernetes Operator area/dashboard kind/question Questions that haven't been identified as being feature requests or bugs. severity/P1 Has a major impact to usage or development of the system. team/A This team is responsible for the Che Operator and all its operands as well as chectl and Hosted Che
Projects
Eclipse Che Team A Backlog
Status: No status
Milestone
No milestone
Development

No branches or pull requests
4 participants
@svor @tolusha @che-bot @huonguyenlt