You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently the central dashboard makes hard assumptions on it using https://github.com/arrikto/oidc-authservice. There is some talk about changing Kubeflow to using the OAuth2 proxy instead, but as explained here, this causes issues with logging out through the central dashboard since redirects after clicking the logout button is based on the afterLogoutURL key response, which is not part of the OIDC protocol. Therefore, you have to manually refresh the page in order to redirect to the Kubeflow home page again when using OIDC-compliant tools.
Describe the solution you'd like:
Instead of assuming usage of the oidc-authservice, we should support regular OIDC logout, where we directly redirect the browser to the logout URL instead of just a simple POST to the authservice.
The KeyCloak documentation explains how this should be done quite well: https://www.keycloak.org/docs/latest/server_admin/#_oidc-logout
The text was updated successfully, but these errors were encountered:
/kind feature
Why you need this feature:
Currently the central dashboard makes hard assumptions on it using https://github.com/arrikto/oidc-authservice. There is some talk about changing Kubeflow to using the OAuth2 proxy instead, but as explained here, this causes issues with logging out through the central dashboard since redirects after clicking the logout button is based on the
afterLogoutURLkey response, which is not part of the OIDC protocol. Therefore, you have to manually refresh the page in order to redirect to the Kubeflow home page again when using OIDC-compliant tools.Describe the solution you'd like:
Instead of assuming usage of the
oidc-authservice, we should support regular OIDC logout, where we directly redirect the browser to the logout URL instead of just a simple POST to the authservice.The KeyCloak documentation explains how this should be done quite well: https://www.keycloak.org/docs/latest/server_admin/#_oidc-logout
The text was updated successfully, but these errors were encountered: