Closed electrofloat closed 1 year ago
What I noticed is that after "signing out" and going back to the same site, the request url first becomes:
https://app.domain.tld/outpost.goauthentik.io/callback?X-authentik-auth-callback=true&code=2322abdabs134235
and in the request headers the browser sends the same cookie it got in the first place (which is ok, if the cookie got invalidated with the "sign_out"). The cookie starts with: authentik_proxy_
But then in the response header a new Set-Cookie arrives which also starts with authentik_proxy_
and a Location header which redirects back to https://app.domain.tld.
I think that Set-Cookie header should not arrive, and instead a redirection should take place again for authentication.
It also seems that the single-app forward auth does not work at all with the provided nginx config. I've created 2 sample apps, with 2 forward auth single app providers, with two different external urls, and logging in on one of them logs me in on the other too with the same user.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Hi all! I can reproduce this issue as well. Why should this not be fixed?! I am using version 2023.10.7, no difference in behavior.
The only config difference from your case, @electrofloat, is that I defined an App launch URL (or no url at all, as this should be automatically retrieved based on the documentation). But this is not relevant here, it behaves the same as you described it in the initial post! So technically right now it is only possible to log out from all applications, am I correct? Maybe this topic is also related to these issues?: https://github.com/goauthentik/authentik/issues/4999 https://github.com/goauthentik/authentik/issues/2023 https://github.com/goauthentik/authentik/issues/3471 << I have added further information about this issue here as I saw that question to be still open
Describe the bug
It seems that visiting app.domain.tld/outpost.goauthentik.io/sign_out, as described in the docs, does not sign the user out of that single app (or I'm missing something). Although a page appears stating: but the 1st button goes back to the app page (which is currently empty, since blank://blank was used in App launch URL to hide it). 2nd button logs the user out of authentik completely (which is not what I want, I only want to log the user out from the current app). 3rd button would like to go to the blank://blank url, which obviously does not exist. Then just going to the url app.domain.tld again, the user is already logged in.
To Reproduce Steps to reproduce the behavior:
because it generates the domain authentik is accessed on, but with this, nginx can have many kinds of issues, so it needs to be replaced with its internal ip:port (it probably could be left alone but then authentik's reverse proxy configuration needs some adjustments)
Expected behavior The user is logged out of the current single app, and next time it goes back to that url, authentik asks for user/pass again.
Version and Deployment (please complete the following information):
Additional context Add any other context about the problem here.
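An offline check for the symptom reported in this thread, added here as an illustration and not code from the authentik project or from the posters: it walks a recorded request trace and flags a callback that issues a new authentik_proxy_ cookie after sign_out with no login prompt in between. The trace format, the `login_prompt` field and all sample values are constructed assumptions.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

PREFIX = "authentik_proxy_"                      # cookie prefix quoted in the report
SIGN_OUT = "/outpost.goauthentik.io/sign_out"    # paths quoted in the report
CALLBACK = "/outpost.goauthentik.io/callback"

def proxy_cookies(header):
    """Names of authentik_proxy_* cookies in a Cookie or Set-Cookie header value."""
    jar = SimpleCookie()
    jar.load(header or "")
    return sorted(name for name in jar if name.startswith(PREFIX))

def silent_relogins(trace):
    """Flag callbacks that issue a proxy cookie after sign_out with no login prompt between."""
    findings, signed_out = [], set()
    for step in trace:
        url = urlsplit(step["url"])
        if step.get("login_prompt"):             # hypothetical flag: user had to authenticate
            signed_out.clear()
        elif url.path == SIGN_OUT:
            signed_out.add(url.hostname)
        elif url.path == CALLBACK and url.hostname in signed_out:
            issued = proxy_cookies(step.get("set_cookie"))
            if issued:
                findings.append({
                    "host": url.hostname,
                    "issued": issued,
                    "old_cookie_sent": bool(proxy_cookies(step.get("cookie"))),
                })
                signed_out.discard(url.hostname)
    return findings

# Constructed trace mirroring the sequence described in the report (values are placeholders).
OLD = "authentik_proxy_0a1b2c=OLDVALUE"
TRACE = [
    {"url": "https://app.domain.tld/outpost.goauthentik.io/sign_out", "cookie": OLD},
    {"url": "https://app.domain.tld/", "cookie": OLD},
    {"url": "https://app.domain.tld/outpost.goauthentik.io/callback"
            "?X-authentik-auth-callback=true&code=CONSTRUCTED",
     "cookie": OLD,
     "set_cookie": "authentik_proxy_0a1b2c=NEWVALUE; Path=/; HttpOnly; Secure"},
]

if __name__ == "__main__":
    for finding in silent_relogins(TRACE):
        print(finding)
```

Running the same function over traces from two single-app providers shows, per host, whether each one only gets a session after its own login prompt.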