Begin by navigating to your Keycloak IDP configuration and selecting Single Logout from the navigation menu. As of Kantega SSO 3.5.0, the logout URL should already be populated, so you can simply enable Single Logout and click "Save":

...

Metadata refresh

If the Keycloak logout URL isn't specified already, it's most likely because the configuration predates Kantega SSO 3.5.0, where this URL wasn't being imported yet. You can either fill it in manually or do a metadata refresh against Keycloak to obtain it. To refresh from metadata, use the indicated link in the nav menu:


The Keycloak metadata URL may not be on file. If it's missing, you can obtain it from https://<host>/auth/realms/<realm>/protocol/saml/descriptor, in this case: https://keycloak4.example.com/auth/realms/example.com/protocol/saml/descriptor (Keycloak uses the same URL for all SAML endpoints, so this is most likely also your logout URL). You can either download the metadata to a file and upload that, save the text content and paste it, or input the URL directly, as shown in the screenshot.

Now go back to the Single Logout menu. If the logout URL is now populated, enable SLO and save.
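Before enabling SLO, you can confirm what the descriptor actually advertises as the logout endpoint. The following is an added example, not part of Kantega SSO or Keycloak: it parses a constructed metadata sample (using the host and realm from the URL above) and checks that every `SingleLogoutService` location is HTTPS, sits on the expected host, and matches a sign-on endpoint. The function names `endpoints` and `check_logout` are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
BASE = "https://keycloak4.example.com/auth/realms/example.com"  # host/realm from the page

# Constructed sample shaped like an IdP descriptor; not captured Keycloak output.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" entityID="{BASE}">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:SingleLogoutService Location="{BASE}/protocol/saml"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  <md:SingleLogoutService Location="{BASE}/protocol/saml"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  <md:SingleSignOnService Location="{BASE}/protocol/saml"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def endpoints(xml_text, element):
    """Return [(binding short name, Location)] for one endpoint element type."""
    idp = ET.fromstring(xml_text).find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    return [(e.get("Binding", "").rsplit(":", 1)[-1], e.get("Location", ""))
            for e in idp.findall(f"md:{element}", NS)]

def check_logout(xml_text, expected_host):
    """Return (logout endpoints, list of problems to resolve before enabling SLO)."""
    slo = endpoints(xml_text, "SingleLogoutService")
    sso = {loc for _, loc in endpoints(xml_text, "SingleSignOnService")}
    problems = []
    if not slo:
        problems.append("no SingleLogoutService in metadata; enter the URL manually")
    for binding, loc in slo:
        url = urlsplit(loc)
        if url.scheme != "https":
            problems.append(f"{binding}: logout URL is not https: {loc}")
        if url.hostname != expected_host:
            problems.append(f"{binding}: unexpected host {url.hostname!r}")
        if loc not in sso:
            problems.append(f"{binding}: logout URL differs from the sign-on URL")
    return slo, problems

if __name__ == "__main__":
    found, issues = check_logout(SAMPLE_METADATA, "keycloak4.example.com")
    for binding, loc in found:
        print(f"{binding:14} {loc}")
    print("OK" if not issues else "\n".join(issues))
```

To check a real realm, save the descriptor to a file and pass its contents in place of `SAMPLE_METADATA`.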

...

The logout endpoint for the service provider is configured by expanding the "Fine Grain SAML Endpoint Configuration" heading. Paste the SP logout URL from a few screenshots back and save. Keycloak does not (to our knowledge) support service provider metadata import, so you will need to input the SP logout URL manually (i.e., the logout URL of the Atlassian app). This can be found under "URLs and cert for IdP setup," as shown in the screenshot below. Copy the URL and paste it into Keycloak:

...