Not logout when Authentication Flow with Keycloak. #1397

hungvt created
  • ABP Framework version: v3.2
  • UI type: Angular
  • DB provider: EF Core / MongoDB
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:
  • I used Keycloak with SSO; the code is:
        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Add("sub", ClaimTypes.NameIdentifier);
        // Receiver of the chain is assumed (ABP module ConfigureServices); the post starts at the first Add... call
        context.Services.AddAuthentication()
            .AddIdentityServerAuthentication(options =>
            {
                options.Authority = configuration["AuthServer:Authority"];
                options.RequireHttpsMetadata = false;
                options.ApiName = "newPMS";
                // This handler accepts any server certificate on the back channel (no TLS validation)
                options.JwtBackChannelHandler = new HttpClientHandler()
                {
                    ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator
                };
            })
            .AddOpenIdConnect("KeyCloakOpenId", "Ord key cloak", options =>
            {
                //  options.SignInScheme = IdentityConstants.ExternalScheme;
                options.Authority = configuration["Authentication:KeyCloak:Authority"];
                options.ClientId = configuration["Authentication:KeyCloak:ClientId"];
                options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
                options.CallbackPath = "/signin-oidc";
                options.SignedOutRedirectUri = configuration["App:SelfUrl"];
                options.ClientSecret = configuration["Authentication:KeyCloak:ClientSecret"];
                options.RequireHttpsMetadata = false;
                options.GetClaimsFromUserInfoEndpoint = true;
                options.SaveTokens = true;
                options.Scope.Add("offline_access email");
            });
  • I customized the LoggedOutModel file:
        [Dependency(ReplaceServices = true)]
        public class CustomLogoutModel : LoggedOutModel
        {
            private readonly IConfiguration _configuration;

            public CustomLogoutModel(IConfiguration configuration)
            {
                _configuration = configuration;
            }

            public override async Task<IActionResult> OnGetAsync()
            {
                // Sign out of the external Keycloak OpenID Connect scheme
                await HttpContext.SignOutAsync("KeyCloakOpenId", new AuthenticationProperties()
                {
                    RedirectUri = "/"
                });

                await base.OnGetAsync();
                return Redirect("/");
            }
        }
  • When I click the logout button in the Angular UI, I am not logged out on the Keycloak page:
  • When I log out in the Angular UI, I also want to be logged out on the Keycloak page.
  • Thanks!

6 Answer(s)
    alper created
    Support Team Director

    I think you need to configure Identity Server for front channel logout. I'll share a link with you that is similar to your requirement.

    hungvt created

    Hi alper, I can't access the link. Can you guide me in detail here? Thanks!

    maliming created
    Support Team Fullstack Developer


    hungvt created

    Hi @maliming, please give me the link! Thanks!

    maliming created
    Support Team Fullstack Developer


    The link is the one alper shared. But you said you can't access it.

    Hello @trungbttsd,

    I think implementing front-channel logout will solve your problem. However, it is a bit complicated and tricky at first glance.

    Updating IdentityServer Clients

    You need to update your IdentityServer clients with the following:

    • Set FrontChannelLogoutUri to $"{webClientRootUrl}Account/FrontChannelLogout". webClientRootUrl will be your client URL. We'll implement the FrontChannelLogout method in AccountController.
    • Set FrontChannelLogoutRequired to true.

    Updating AccountController

    • Add the FrontChannelLogout method to your AccountController. Sample code is here.
    • Update the Logout method in your AccountController. Sample code is here. You need to get the logoutContext using logoutId. LogoutContext has the PostLogoutRedirectUri and SignOutIFrameUrl information, so you can redirect to the SignedOut (or LoggedOut) page to display the iframe that will sign out of all other clients.

    Add LoggedOut Page

    You need to add a new page to redirect to after logging out, to sign out from other clients and/or redirect back to your client. You can see sample implementations of our LoggedOut.cshtml and LoggedOut.cshtml.cs.

    I hope this will be helpful.
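
The client registration and the FrontChannelLogout endpoint described in the answer above, as an added example that is not part of the original thread or ABP's sample code. It assumes IdentityServer4's `Client` model (where `FrontChannelLogoutSessionRequired` is the property that makes the logout request carry `sid`), a local cookie scheme named `Cookies`, and that the cookie principal keeps the `sid` claim; `ExampleClients.WithFrontChannelLogout` is a hypothetical helper name.

```csharp
using System;
using System.Threading.Tasks;
using IdentityServer4.Models;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// IdentityServer host side (hypothetical helper): register where the client
// wants to be notified when the user's session ends.
public static class ExampleClients
{
    public static Client WithFrontChannelLogout(Client client, string webClientRootUrl)
    {
        client.FrontChannelLogoutUri = $"{webClientRootUrl}Account/FrontChannelLogout";
        // Ask IdentityServer to append the session id (sid) to the logout request.
        client.FrontChannelLogoutSessionRequired = true;
        return client;
    }
}

// Web client side: IdentityServer loads this URL in a hidden iframe
// (the SignOutIFrameUrl) on its signed-out page.
public class AccountController : Controller
{
    [AllowAnonymous]
    [HttpGet]
    public async Task<IActionResult> FrontChannelLogout(string sid)
    {
        // A cached response would keep later logout notifications from reaching this code.
        Response.Headers["Cache-Control"] = "no-cache, no-store";
        Response.Headers["Pragma"] = "no-cache";

        if (User.Identity?.IsAuthenticated == true)
        {
            // End only the session the notification names. Without this check any
            // page that can load this URL could sign the current user out.
            var currentSid = User.FindFirst("sid")?.Value;
            if (!string.IsNullOrEmpty(sid) &&
                string.Equals(currentSid, sid, StringComparison.Ordinal))
            {
                // Assumption: the local session cookie uses the default "Cookies" scheme.
                await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
            }
        }

        return NoContent();
    }
}
```

Because the endpoint runs inside an iframe from another origin, the client's session cookie must be sent on that cross-site request for `User` to be populated.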

    hungvt created

    Thanks team! Solved

