I’ve been using Indico integrated with Keycloak Single Sign On (OpenID) for about a year. Everything has always worked fine, including the logout mechanism, which disconnected the user from both Indico and Keycloak.
However, after the upgrade from Keycloak 17.0.1 to 18.0.0, after clicking the logout button on Indico, the user is disconnected only from Indico but not from Keycloak. A Keycloak error page is also displayed in the browser, saying that the
id_token_hint parameter is missing; Keycloak logs show:
Parameter 'id_token_hint' is required when 'post_logout_redirect_uri' is used. type=LOGOUT_ERROR, realmId=realm_name, clientId=null, userId=null, ipAddress=xxx.xxx.xxx.xxx, error=invalid_request
This behaviour seems to be related with changes introduced in Keycloak 18.0.0 as stated here: https://www.keycloak.org/2022/04/keycloak-1800-released.html (see paragraph OpenID Connect Logout).
Is there any configuration change I can do in Indico to solve the problem?