-
Notifications
You must be signed in to change notification settings - Fork 4.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vault Logout always default to token
auth method on login page
#10816
Labels
Comments
+1 This creates confusion for our users. Its compounded by the fact that we use okta and have both okta-oidc and legacy okta auth method enabled at same time. Because of timeouts our users are lead towards Other and the 'okta' method in that drop down. |
+1 |
2 similar comments
+1 |
+1 |
+1 |
1 similar comment
+1 |
I believe this was fixed as part of #14916 (version 1.10.1 and later). Closing, but please feel free to reopen if the issue comes up again! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
We use Vault with an OIDC provider. By default, when the user browse to
/ui
, it gets redirected to/ui/vault/auth?with=oidc%2F
.However, when the token expires or the user sign out with
/ui/vault/logout
, then it redirects to/ui/vault/auth?with=token
causing the login page to show the token tab instead of theoidc/
one./ui/vault/auth?with=oidc%2F
/ui/vault/auth?with=token
To Reproduce
Steps to reproduce the behavior:
oidc/
vault auth tune -listing-visibility="unauth" oidc/
Expected behavior
The same default auth page is shown. In our case,
oidc/
.Environment:
vault status
): 1.5.4Vault oidc backend configuration:
Additional information
When I look at the network trace in the debug console during the login flow, the
referer
is/ui/vault/auth?with=oidc%2F
up to the/v1/auth/token/lookup-self
, then it switches to/ui/vault/auth?with=token
for the next call to/v1/sys/internal/ui/resultant-acl
.The text was updated successfully, but these errors were encountered: