File tree Expand file tree Collapse file tree 2 files changed +7
-2
lines changed
Expand file tree Collapse file tree 2 files changed +7
-2
lines changed Original file line number Diff line number Diff line change @@ -36,7 +36,10 @@ resource "keycloak_openid_client" "grafana" {
3636 admin_url = " https://grafana.${ var . monitoring_domain } "
3737
3838 valid_redirect_uris = [
39- " https://grafana.${ var . monitoring_domain } /login/generic_oauth"
39+ " https://grafana.${ var . monitoring_domain } /login/generic_oauth" ,
40+ # Required for KC 18+ post-logout redirect to function correctly.
41+ # Must perfectly match the post_logout_redirect_uri parameter sent by Grafana.
42+ " https://grafana.${ var . monitoring_domain } /login"
4043 ]
4144
4245 web_origins = [
Original file line number Diff line number Diff line change @@ -114,7 +114,9 @@ grafana.ini:
114114
115115 # Single Logout: after signing out of Grafana, the user is
116116 # also logged out of Keycloak and redirected back to login.
117- signout_redirect_url : ${keycloak_url}/realms/${keycloak_realm}/protocol/openid-connect/logout?post_logout_redirect_uri=https%3A%2F%2Fgrafana.${monitoring_domain}%2Flogin
117+ # OpenID RP-Initiated Logout (KC 18+) requires the client_id to be sent
118+ # to authorize the post_logout_redirect_uri.
119+ signout_redirect_url : ${keycloak_url}/realms/${keycloak_realm}/protocol/openid-connect/logout?client_id=grafana-oauth&post_logout_redirect_uri=https%3A%2F%2Fgrafana.${monitoring_domain}%2Flogin
118120
119121datasources :
120122 datasources.yaml :
You can’t perform that action at this time.
0 commit comments