Keycloak doesn't log out when logging out of DHIS2

Anh_Tran · 12 April 2023 08:31

Hi
Could you share the DHIS2 and Keycloak integration configuration document with me, please? I am having the following issue:

INFO  2023-04-12T10:55:45,676 Authentication event AuthenticationFailureBadCredentialsEvent ip 172.16.31.199 sessionId 2bfea153ac2acaa70dea038988af0d8bd13711697ca7afdb278a2c748f480b2c exception could_not_map_oidc_user_to_dhis2_user Failed to look up DHIS2 user with OidcUser mapping mappingClaimKeyemail claim valuetest1gmail.com (AuthenticationLoggerListener.java [http-nio-8080-exec-9]) ID7CPsxv1W4+TM5fjWivneXaQ9UCjRK7Pg7DfhhXGxqKo=

On both the KC and DHIS systems, I have set the email for test1 as [test1@gmail.com]

Gassim · 12 April 2023 21:26

Hi @Anh_Tran

I couldn’t find a document specifically for keycloak; however, the documents above are guidelines that should work for the other options too.

It says in the error

when you are using test1@gmail.com (isn’t that a different address?)

jaime.bosque · 18 April 2023 14:36

Hey @Anh_Tran , did you manage to solve the issue?

Anh_Tran · 19 April 2023 00:15

Hi @jaime.bosque
Currently, I’m having an issue when log out on DHIS2, but it doesn’t log out on Keycloak. I have configured in dhis.conf “oidc.provider.keycloak.end_session_endpoint = https://mykeycloakdomain/auth/realms/dhis2/protocol/openid-connect/logout”.

jaime.bosque · 19 April 2023 07:42

In the end I managed to get it working, I just needed to check the option “External Auth only”.

I am not using the “log out” option.

Anh_Tran · 19 April 2023 08:13

Hi @jaime.bosque
yes, i have checked it. I thought when select Logout, it would logout the account on Keycloak as well, but mine is not doing so.