OAuth2/OpenID Sign Out (Grafana + Keycloak)

Hello!

I’m trying to set up OAuth2/OpenID authorization using Keycloak as Authorization Server (using generic oauth config).
Sign In works wonderfully, but when I try to Sign Out there is an issue:

  1. Say, I’ve already logged in as a Keycloak user.
  2. I press “Sign out” button and get redirected to grafana/login page.
  3. Then I press “Login with OAuth” but get signed in instantly without entering my credentials.

When I look into the Keycloak user's active sessions, I see that the session is still alive and the cookie is not removed from the browser either. This way a user is able to sign in without entering his/her credentials, though they’ve pressed “Sign Out”.

I am wondering, is there a way on sign out to remove the user's session from the Authorization Server, or at least to clear the session cookie? I did not find in the Grafana configs any way to specify a “sign out URL” or something.

Hi,

No. There’s an open feature request issue for this.

Marcus

OK, thank you.
Do you know by any chance, if there is any other way to do a sign out properly with Keycloak and the current version of Grafana?

Happy birthday, by the way :sunny:

Nope, sorry I don’t know any other way.

Thank you :slight_smile:

Try to use a theoretical workaround: short-lived access tokens issued by Keycloak (for example 1 minute) + refresh token.

Now fixed and included in Grafana v5.2.0.

Marcus

I tried 5.2.0 and 5.2.1 using the Docker image. Still the same old behavior of not asking for credentials.

Have you configured the signout_redirect_url?

Awesome. Thanks. That part is working if I put the logout URL of the OpenID provider.
Do we have another option to configure a post-logout redirect to the Grafana login screen? (As of now it just stays there, since the OpenID provider does not redirect by itself.)

Let me know in case I am missing something here.
OpenID provider -> Keycloak

Nothing Grafana can do about that (I think). Please see comment for alternative solution. On second thought, he is appending ?redirect_uri=https%3A%2F%2Fgrafana_host%2Flogin, which you should be able to do as long as your OAuth provider supports that.

2 Likes
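
The setting discussed in the reply above, written out as an added example that is not part of the original thread or of anyone's actual configuration. The hostnames, the realm name `REALM` and the Keycloak logout endpoint path are assumptions; the `redirect_uri` parameter is the one quoted in the reply, and newer Keycloak releases may expect different logout parameters.

```ini
; grafana.ini (constructed example; replace the placeholder hosts and REALM)

[server]
; Public URL of Grafana. The redirect_uri below must point back to this host.
root_url = https://grafana.example.com/

[auth]
; Without this setting, "Sign out" only ends the Grafana session. The Keycloak
; SSO session and its browser cookie stay valid, so the next
; "Login with OAuth" click signs the user in again without credentials.
;
; With it, Grafana redirects the browser to the provider's logout endpoint after
; clearing its own session, which ends the Keycloak session as well.
; The redirect_uri query parameter (percent-encoded) asks the provider to send
; the browser back to the Grafana login page once the logout is done.
signout_redirect_url = https://keycloak.example.com/auth/realms/REALM/protocol/openid-connect/logout?redirect_uri=https%3A%2F%2Fgrafana.example.com%2Flogin
```

To check the result, sign out, confirm in the Keycloak admin console that the user's session no longer appears under active sessions, and confirm that “Login with OAuth” prompts for credentials again.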

Superb. It's working flawlessly now. Thanks a lot for the assist.

I am trying to get the combination of Keycloak and Grafana to work but have not had a huge success so far. Do you mind sharing some information about your setup/configuration?

/Kjetil