SAML Single Logout Service Redirect

Technical assistance
1
  • Used Zammad version: 6.4.1-1741348581.b9a98307.bookworm
  • Used Zammad installation type: package
  • Operating system: Debian 12
  • Browser + version: Firefox 128.7.0esr

Expected behavior:

  • Redirect to Zammad login page.

Actual behavior:

  • Redirects to Zammad SAML metadata page.

Steps to reproduce the behavior:

1 Like
2

I have the same issue.

3

Is the logout URL on the Keycloak side configured correctly?

By clicking Sign-Out you mean inside Zammad?

4

Same issue. Logged out from SAML Identify provider, but session is not terminated in Zammad. (using Microsoft Entra ID as IDP)

Is there any update in this?

5

Currently, we have no other reported problems when it’s configured in the correct way.

So we would need more details, for example, some logs when Zammad is called in this situation.

6

as I have the same issue, I’d be more than happy to provide any needed logs. Would the production log be sufficient? Because I can’t see any issues there for the logout process.

7

production.log sounds like a good start.

8

alright, here is the production.log part starting with the login procedure using SAML and the logout process. I anonymized the URL and IPs (... is always the same client!), as well as shortened the very long SAML Response string as it was just characters.

If you need a more detailed log with every information I might be able to send it in via private message as well.

I believe the part

I, [2025-08-15T12:33:13.022160#518-6990220]  INFO -- : Started POST "/auth/saml/metadata" for ***.***.***.*** at 2025-08-15 12:33:13 +0200

shows where the forward after logout is terminating.


# sign in

I, [2025-08-15T12:33:00.046000#518-6974340]  INFO -- : Started POST "/auth/saml" for ***.***.***.*** at 2025-08-15 12:33:00 +0200
I, [2025-08-15T12:33:02.743479#518-6989460]  INFO -- : Started POST "/auth/saml/callback" for ***.***.***.*** at 2025-08-15 12:33:02 +0200
I, [2025-08-15T12:33:02.782203#518-6989460]  INFO -- : Processing by SessionsController#create_omniauth as HTML
I, [2025-08-15T12:33:02.782499#518-6989460]  INFO -- :   Parameters: {"SAMLResponse"=>"PHNhbWxwOlJlc3BvbnNl[... string shortened ...] zcG9uc2U+", "provider"=>"saml"}
I, [2025-08-15T12:33:02.829460#518-6989460]  INFO -- : Redirected to https://ticket.***.de/#
I, [2025-08-15T12:33:02.831111#518-6989460]  INFO -- : Completed 302 Found in 48ms (ActiveRecord: 18.1ms (32 queries, 1 cached) | GC: 0.9ms)
I, [2025-08-15T12:33:02.856411#518-6989420]  INFO -- : Started GET "/" for ***.***.***.*** at 2025-08-15 12:33:02 +0200
I, [2025-08-15T12:33:02.859219#518-6989420]  INFO -- : Processing by InitController#index as HTML
I, [2025-08-15T12:33:02.863050#518-6989420]  INFO -- :   Rendered layout layouts/application.html.erb (Duration: 0.6ms | GC: 0.0ms)
I, [2025-08-15T12:33:02.863776#518-6989420]  INFO -- : Completed 200 OK in 4ms (Views: 0.8ms | ActiveRecord: 0.8ms (5 queries, 1 cached) | GC: 0.1ms)
I, [2025-08-15T12:33:03.138654#518-6990140]  INFO -- : Started POST "/api/v1/signshow" for ***.***.***.*** at 2025-08-15 12:33:03 +0200
I, [2025-08-15T12:33:03.142328#518-6990140]  INFO -- : Processing by SessionsController#show as JSON
I, [2025-08-15T12:33:03.142365#518-6990140]  INFO -- :   Parameters: {"fingerprint"=>"-1958592138"}
I, [2025-08-15T12:33:03.407995#518-6990140]  INFO -- : Completed 200 OK in 266ms (Views: 48.5ms | ActiveRecord: 39.4ms (342 queries, 146 cached) | GC: 23.3ms)
I, [2025-08-15T12:33:03.468637#518-6990220]  INFO -- : Started GET "/api/v1/taskbar/init?_=1755253983097" for ***.***.***.*** at 2025-08-15 12:33:03 +0200
I, [2025-08-15T12:33:03.471499#518-6990220]  INFO -- : Processing by TaskbarController#init as JSON
I, [2025-08-15T12:33:03.471535#518-6990220]  INFO -- :   Parameters: {"_"=>"1755253983097"}
I, [2025-08-15T12:33:04.103082#518-6974340]  INFO -- : Completed 200 OK in 43ms (Views: 1.2ms | ActiveRecord: 14.5ms (23 queries, 6 cached) | GC: 1.2ms)
I, [2025-08-15T12:33:04.133220#518-6989420]  INFO -- : Completed 200 OK in 48ms (Views: 1.0ms | ActiveRecord: 10.9ms (22 queries, 6 cached) | GC: 11.9ms)
I, [2025-08-15T12:33:04.651540#518-6990220]  INFO -- : Completed 200 OK in 1180ms (Views: 27.3ms | ActiveRecord: 111.3ms (1352 queries, 675 cached) | GC: 195.7ms)
I, [2025-08-15T12:33:04.720673#518-6990140]  INFO -- : Started GET "/api/v1/translations/lang/en-us?_=1755253983098" for ***.***.***.*** at 2025-08-15 12:33:04 +0200
I, [2025-08-15T12:33:04.724407#518-6990140]  INFO -- : Processing by TranslationsController#lang as JSON
I, [2025-08-15T12:33:04.724447#518-6990140]  INFO -- :   Parameters: {"_"=>"1755253983098", "locale"=>"en-us"}
I, [2025-08-15T12:33:04.763212#518-6990140]  INFO -- : Completed 200 OK in 39ms (Views: 9.9ms | ActiveRecord: 15.3ms (8 queries, 2 cached) | GC: 6.8ms)
I, [2025-08-15T12:33:04.862900#518-6989460]  INFO -- : Started GET "/api/v1/activity_stream?full=true&limit=25&_=1755253983099" for ***.***.***.*** at 2025-08-15 12:33:04 +0200
I, [2025-08-15T12:33:04.863198#518-6974340]  INFO -- : Started GET "/api/v1/first_steps?_=1755253983100" for ***.***.***.*** at 2025-08-15 12:33:04 +0200
I, [2025-08-15T12:33:04.875155#518-6989460]  INFO -- : Processing by ActivityStreamController#show as JSON
I, [2025-08-15T12:33:04.875305#518-6989460]  INFO -- :   Parameters: {"full"=>"true", "limit"=>"25", "_"=>"1755253983099"}
I, [2025-08-15T12:33:04.876634#518-6974340]  INFO -- : Processing by FirstStepsController#index as JSON
I, [2025-08-15T12:33:04.876887#518-6974340]  INFO -- :   Parameters: {"_"=>"1755253983100"}
I, [2025-08-15T12:33:04.889026#518-6974340]  INFO -- : Completed 200 OK in 12ms (Views: 0.1ms | ActiveRecord: 3.4ms (19 queries, 7 cached) | GC: 0.0ms)
I, [2025-08-15T12:33:04.954420#518-6989460]  INFO -- : Completed 200 OK in 79ms (Views: 4.4ms | ActiveRecord: 23.0ms (114 queries, 38 cached) | GC: 0.8ms)
I, [2025-08-15T12:33:04.967907#518-6989420]  INFO -- : Started GET "/api/v1/cti/log?_=1755253983101" for ***.***.***.*** at 2025-08-15 12:33:04 +0200
I, [2025-08-15T12:33:04.975619#518-6989420]  INFO -- : Processing by CtiController#index as JSON
I, [2025-08-15T12:33:04.975725#518-6989420]  INFO -- :   Parameters: {"_"=>"1755253983101"}
I, [2025-08-15T12:33:04.999040#518-6989420]  INFO -- : Completed 200 OK in 23ms (Views: 0.9ms | ActiveRecord: 2.9ms (13 queries, 6 cached) | GC: 13.1ms)
I, [2025-08-15T12:33:05.074196#518-6990220]  INFO -- : Started GET "/api/v1/ticket_overviews?_=1755253983102" for ***.***.***.*** at 2025-08-15 12:33:05 +0200
I, [2025-08-15T12:33:05.084281#518-6990220]  INFO -- : Processing by TicketOverviewsController#show as JSON
I, [2025-08-15T12:33:05.084342#518-6990220]  INFO -- :   Parameters: {"_"=>"1755253983102"}
I, [2025-08-15T12:33:05.085459#518-6990140]  INFO -- : Started GET "/api/v1/ticket_overview?_=1755253983103" for ***.***.***.*** at 2025-08-15 12:33:05 +0200
I, [2025-08-15T12:33:05.095979#518-6990140]  INFO -- : Processing by TicketOverviewsController#data as JSON
I, [2025-08-15T12:33:05.096047#518-6990140]  INFO -- :   Parameters: {"_"=>"1755253983103"}
I, [2025-08-15T12:33:05.360110#518-6990140]  INFO -- : Completed 200 OK in 260ms (Views: 2.6ms | ActiveRecord: 92.2ms (84 queries, 15 cached) | GC: 143.8ms)
I, [2025-08-15T12:33:05.485620#518-6990220]  INFO -- : Completed 200 OK in 401ms (Views: 0.3ms | ActiveRecord: 209.1ms (203 queries, 52 cached) | GC: 154.5ms)
I, [2025-08-15T12:33:05.642847#523-196140]  INFO -- : 2025-08-15T12:33:05+0200: [Worker(host:ticket pid:523)] Job UserDeviceLogJob [c14ce485-bd0c-4946-a8cd-c3125e8e767d] from DelayedJob(default) with arguments: ["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0", "***.***.***.***", 17, "-1958592138", "session"] (id=1429329) (queue=default) RUNNING
I, [2025-08-15T12:33:05.676120#518-6974340]  INFO -- : Started GET "/api/v1/ticket_attachment/4765/36422/22478?view=preview" for ***.***.***.*** at 2025-08-15 12:33:05 +0200
I, [2025-08-15T12:33:05.680727#518-6974340]  INFO -- : Processing by TicketArticlesController#attachment as HTML
I, [2025-08-15T12:33:05.680781#518-6974340]  INFO -- :   Parameters: {"view"=>"preview", "ticket_id"=>"4765", "article_id"=>"36422", "id"=>"22478"}
I, [2025-08-15T12:33:05.683369#518-6989460]  INFO -- : Started GET "/api/v1/ticket_attachment/4765/36422/22479?view=preview" for ***.***.***.*** at 2025-08-15 12:33:05 +0200
I, [2025-08-15T12:33:05.686094#518-6989460]  INFO -- : Processing by TicketArticlesController#attachment as HTML
I, [2025-08-15T12:33:05.686139#518-6989460]  INFO -- :   Parameters: {"view"=>"preview", "ticket_id"=>"4765", "article_id"=>"36422", "id"=>"22479"}
I, [2025-08-15T12:33:05.715009#518-6989460]  INFO -- : Sent data Screenshot 2025-08-11 174831.png (0.3ms)
I, [2025-08-15T12:33:05.716259#518-6989460]  INFO -- : Completed 200 OK in 29ms (Views: 0.2ms | ActiveRecord: 9.1ms (23 queries, 6 cached) | GC: 4.3ms)
I, [2025-08-15T12:33:05.718733#518-6974340]  INFO -- : Sent data Screenshot 2025-08-11 175024.png (0.3ms)
I, [2025-08-15T12:33:05.719628#518-6974340]  INFO -- : Completed 200 OK in 39ms (Views: 0.2ms | ActiveRecord: 13.3ms (23 queries, 6 cached) | GC: 4.3ms)
I, [2025-08-15T12:33:05.833846#518-6989420]  INFO -- : Started GET "/api/v1/ticket_attachment/4462/36453/22503?view=inline" for ***.***.***.*** at 2025-08-15 12:33:05 +0200
I, [2025-08-15T12:33:05.837491#518-6989420]  INFO -- : Processing by TicketArticlesController#attachment as HTML
I, [2025-08-15T12:33:05.837612#518-6989420]  INFO -- :   Parameters: {"view"=>"inline", "ticket_id"=>"4462", "article_id"=>"36453", "id"=>"22503"}
I, [2025-08-15T12:33:05.856756#518-6989420]  INFO -- : Sent data image1.png (0.3ms)
I, [2025-08-15T12:33:05.857686#518-6989420]  INFO -- : Completed 200 OK in 20ms (Views: 0.2ms | ActiveRecord: 5.9ms (23 queries, 6 cached) | GC: 0.6ms)
I, [2025-08-15T12:33:05.867312#518-6990140]  INFO -- : Started GET "/api/v1/ticket_attachment/4768/36454/22504?view=inline" for ***.***.***.*** at 2025-08-15 12:33:05 +0200
I, [2025-08-15T12:33:05.871182#518-6990140]  INFO -- : Processing by TicketArticlesController#attachment as HTML
I, [2025-08-15T12:33:05.871224#518-6990140]  INFO -- :   Parameters: {"view"=>"inline", "ticket_id"=>"4768", "article_id"=>"36454", "id"=>"22504"}
I, [2025-08-15T12:33:05.893453#518-6990140]  INFO -- : Sent data image1.png (0.3ms)
I, [2025-08-15T12:33:05.894592#518-6990140]  INFO -- : Completed 200 OK in 23ms (Views: 0.2ms | ActiveRecord: 3.9ms (23 queries, 6 cached) | GC: 6.2ms)
I, [2025-08-15T12:33:06.101530#518-6990220]  INFO -- : Started GET "/api/v1/ticket_attachment/4769/36462/22512?view=inline" for ***.***.***.*** at 2025-08-15 12:33:06 +0200
I, [2025-08-15T12:33:06.101802#518-6989460]  INFO -- : Started GET "/api/v1/ticket_attachment/4769/36463/22516?view=inline" for ***.***.***.*** at 2025-08-15 12:33:06 +0200
I, [2025-08-15T12:33:06.107062#518-6990220]  INFO -- : Processing by TicketArticlesController#attachment as HTML
I, [2025-08-15T12:33:06.107137#518-6990220]  INFO -- :   Parameters: {"view"=>"inline", "ticket_id"=>"4769", "article_id"=>"36462", "id"=>"22512"}
I, [2025-08-15T12:33:06.108839#518-6989460]  INFO -- : Processing by TicketArticlesController#attachment as HTML
I, [2025-08-15T12:33:06.108920#518-6989460]  INFO -- :   Parameters: {"view"=>"inline", "ticket_id"=>"4769", "article_id"=>"36463", "id"=>"22516"}
I, [2025-08-15T12:33:06.133414#518-6990220]  INFO -- : Sent data image1.png (0.3ms)
I, [2025-08-15T12:33:06.135224#518-6989460]  INFO -- : Sent data image001.png (0.4ms)
I, [2025-08-15T12:33:06.136116#518-6990220]  INFO -- : Completed 200 OK in 29ms (Views: 0.2ms | ActiveRecord: 9.5ms (23 queries, 6 cached) | GC: 0.0ms)
I, [2025-08-15T12:33:06.138033#518-6989460]  INFO -- : Completed 200 OK in 29ms (Views: 0.2ms | ActiveRecord: 12.9ms (23 queries, 6 cached) | GC: 0.0ms)
I, [2025-08-15T12:33:06.820489#523-196140]  INFO -- : 2025-08-15T12:33:06+0200: [Worker(host:ticket pid:523)] Job UserDeviceLogJob [c14ce485-bd0c-4946-a8cd-c3125e8e767d] from DelayedJob(default) with arguments: ["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0", "***.***.***.***", 17, "-1958592138", "session"] (id=1429329) (queue=default) COMPLETED after 1.1775
I, [2025-08-15T12:33:06.824027#523-196140]  INFO -- : 2025-08-15T12:33:06+0200: [Worker(host:ticket pid:523)] Job SearchIndexJob [f3cf77dd-a7de-420d-84e9-5c0ae59e776e] from DelayedJob(default) with arguments: ["User", 17] (id=1429327) (queue=default) RUNNING
I, [2025-08-15T12:33:06.875605#523-196140]  INFO -- : 2025-08-15T12:33:06+0200: [Worker(host:ticket pid:523)] Job SearchIndexJob [f3cf77dd-a7de-420d-84e9-5c0ae59e776e] from DelayedJob(default) with arguments: ["User", 17] (id=1429327) (queue=default) COMPLETED after 0.0515
I, [2025-08-15T12:33:06.877931#523-196140]  INFO -- : 2025-08-15T12:33:06+0200: [Worker(host:ticket pid:523)] Job SearchIndexAssociationsJob [5806bc45-3bc1-4c58-b875-e753b605eff7] from DelayedJob(default) with arguments: ["User", 17] (id=1429328)
(queue=default) RUNNING
I, [2025-08-15T12:33:07.019656#523-196140]  INFO -- : 2025-08-15T12:33:07+0200: [Worker(host:ticket pid:523)] Job SearchIndexAssociationsJob [5806bc45-3bc1-4c58-b875-e753b605eff7] from DelayedJob(default) with arguments: ["User", 17] (id=1429328)
(queue=default) COMPLETED after 0.1417
I, [2025-08-15T12:33:08.862925#523-196160]  INFO -- : ProcessScheduledJobs running...
I, [2025-08-15T12:33:08.864795#523-196160]  INFO -- : Running job thread for 'Check 'Channel' streams.' (Channel.stream) status is: sleep
I, [2025-08-15T12:33:08.864845#523-196160]  INFO -- : Running job thread for 'Process ticket escalations.' (Ticket.process_escalation) status is: sleep
I, [2025-08-15T12:33:08.865079#523-196160]  INFO -- : Running job thread for 'Check channels.' (Channel.fetch) status is: sleep
I, [2025-08-15T12:33:08.865770#523-196160]  INFO -- : Running job thread for 'Execute planned jobs.' (Job.run) status is: sleep
I, [2025-08-15T12:33:11.026730#523-196140]  INFO -- : 2025-08-15T12:33:11+0200: [Worker(host:ticket pid:523)] Job SearchIndexAssociationsJob [871c475a-153b-4486-8b7a-d63ca17a7458] from DelayedJob(default) with arguments: ["User", 17] (id=1429330)
(queue=default) RUNNING
I, [2025-08-15T12:33:11.131011#523-196140]  INFO -- : 2025-08-15T12:33:11+0200: [Worker(host:ticket pid:523)] Job SearchIndexAssociationsJob [871c475a-153b-4486-8b7a-d63ca17a7458] from DelayedJob(default) with arguments: ["User", 17] (id=1429330)
(queue=default) COMPLETED after 0.1042

# sign out

I, [2025-08-15T12:33:12.719499#518-6990140]  INFO -- : Started DELETE "/api/v1/signout" for ***.***.***.*** at 2025-08-15 12:33:12 +0200
I, [2025-08-15T12:33:12.724932#518-6990140]  INFO -- : Processing by SessionsController#destroy as JSON
I, [2025-08-15T12:33:12.733219#518-6990140]  INFO -- : Completed 200 OK in 8ms (Views: 0.2ms | ActiveRecord: 0.9ms (7 queries, 2 cached) | GC: 2.6ms)
I, [2025-08-15T12:33:12.832543#523-21795120]  INFO -- : Closing session client (608580) thread
I, [2025-08-15T12:33:13.022160#518-6990220]  INFO -- : Started POST "/auth/saml/metadata" for ***.***.***.*** at 2025-08-15 12:33:13 +0200
I, [2025-08-15T12:33:13.905998#523-19880860]  INFO -- : execute Ticket.process_escalation (try_count 0)...
I, [2025-08-15T12:33:13.907375#523-19880860]  INFO -- : ended Ticket.process_escalation took: 0.006546023 seconds.
I, [2025-08-15T12:33:15.137906#523-196140]  INFO -- : 2025-08-15T12:33:15+0200: [Worker(host:ticket pid:523)] Job SearchIndexAssociationsJob [c51fe071-f4a1-4be2-b2db-3fd2e8b81153] from DelayedJob(default) with arguments: ["User", 17] (id=1429331)
(queue=default) RUNNING
I, [2025-08-15T12:33:15.277251#523-196140]  INFO -- : 2025-08-15T12:33:15+0200: [Worker(host:ticket pid:523)] Job SearchIndexAssociationsJob [c51fe071-f4a1-4be2-b2db-3fd2e8b81153] from DelayedJob(default) with arguments: ["User", 17] (id=1429331)
(queue=default) COMPLETED after 0.1393
I, [2025-08-15T12:33:18.453222#523-21755940]  INFO -- : execute Channel.fetch (try_count 0)...
I, [2025-08-15T12:33:18.454186#523-21755940]  INFO -- : fetching imap (mail.******.de/***/***/*** port=993,ssl=true,starttls=false,folder=INBOX,keep_on_server=false,auth_type=LOGIN,ssl_verify=true)
I, [2025-08-15T12:33:18.736612#523-21755940]  INFO -- :  - no message
I, [2025-08-15T12:33:18.742809#523-21755940]  INFO -- : ended Channel.fetch took: 0.294991787 seconds.
I, [2025-08-15T12:33:18.866997#523-196160]  INFO -- : ProcessScheduledJobs running...
I, [2025-08-15T12:33:18.868622#523-196160]  INFO -- : Running job thread for 'Check 'Channel' streams.' (Channel.stream) status is: sleep
I, [2025-08-15T12:33:18.868682#523-196160]  INFO -- : Running job thread for 'Process ticket escalations.' (Ticket.process_escalation) status is: sleep
I, [2025-08-15T12:33:18.868708#523-196160]  INFO -- : Running job thread for 'Check channels.' (Channel.fetch) status is: sleep
I, [2025-08-15T12:33:18.869355#523-196160]  INFO -- : Running job thread for 'Execute planned jobs.' (Job.run) status is: sleep

another strange thing I noticed - maybe this is also the case ofr the others here:

  1. When I sign in with keycloak and then sign out the metadata page is shown (please see the above log for that!)
  2. Then I click on “back” in the browser and I’m still logged in → so the logout didn’t work at all
  3. Then I click on logout again in zammad and I’m forwarded correctly the the login page of zammad and I’m logged out correctly

For 2) and 3) here is the production.log, too:

I, [2025-08-15T12:46:06.870809#518-6974340]  INFO -- : Completed 200 OK in 32ms (Views: 0.1ms | ActiveRecord: 14.4ms (23 queries, 6 cached) | GC: 0.0ms)
I, [2025-08-15T12:46:06.873732#518-7012100]  INFO -- : Completed 200 OK in 27ms (Views: 0.2ms | ActiveRecord: 14.2ms (23 queries, 6 cached) | GC: 0.0ms)
I, [2025-08-15T12:46:07.167038#518-6990140]  INFO -- : Completed 200 OK in 132ms (Views: 18.9ms | ActiveRecord: 11.0ms (102 queries, 18 cached) | GC: 42.4ms)
I, [2025-08-15T12:46:13.454227#523-196160]  INFO -- : ProcessScheduledJobs running...
I, [2025-08-15T12:46:13.468146#523-196160]  INFO -- : Running job thread for 'Check 'Channel' streams.' (Channel.stream) status is: sleep
I, [2025-08-15T12:46:13.468271#523-196160]  INFO -- : Running job thread for 'Process ticket escalations.' (Ticket.process_escalation) status is: sleep
I, [2025-08-15T12:46:13.468403#523-196160]  INFO -- : Running job thread for 'Check channels.' (Channel.fetch) status is: sleep
I, [2025-08-15T12:46:13.469339#523-196160]  INFO -- : Running job thread for 'Execute planned jobs.' (Job.run) status is: sleep
I, [2025-08-15T12:46:13.952530#518-6989460]  INFO -- : Started DELETE "/api/v1/signout" for ***.***.***.*** at 2025-08-15 12:46:13 +0200
I, [2025-08-15T12:46:13.961810#518-6989460]  INFO -- : Processing by SessionsController#destroy as JSON
I, [2025-08-15T12:46:14.067216#518-6989460]  INFO -- : Completed 200 OK in 105ms (Views: 0.1ms | ActiveRecord: 1.3ms (7 queries, 2 cached) | GC: 97.8ms)
I, [2025-08-15T12:46:14.170368#518-6974340]  INFO -- : Started GET "/auth/saml/slo?SAMLResponse=jZLBbsIwDIZfpco9TVpIoVGLNI0 [... string shortened ...] %2F7zySIg%3D%3D" for ***.***.***.*** at 2025-08-15 12:46:14 +0200
I, [2025-08-15T12:46:14.208304#518-7012100]  INFO -- : Started GET "/" for ***.***.***.*** at 2025-08-15 12:46:14 +0200
I, [2025-08-15T12:46:14.211652#518-7012100]  INFO -- : Processing by InitController#index as HTML
I, [2025-08-15T12:46:14.215162#518-7012100]  INFO -- :   Rendered layout layouts/application.html.erb (Duration: 0.7ms | GC: 0.0ms)
I, [2025-08-15T12:46:14.215937#518-7012100]  INFO -- : Completed 200 OK in 4ms (Views: 0.9ms | ActiveRecord: 0.5ms (5 queries, 1 cached) | GC: 0.1ms)
I, [2025-08-15T12:46:14.508535#518-6990140]  INFO -- : Started POST "/api/v1/signshow" for ***.***.***.*** at 2025-08-15 12:46:14 +0200
I, [2025-08-15T12:46:14.511496#518-6990140]  INFO -- : Processing by SessionsController#show as JSON
I, [2025-08-15T12:46:14.511539#518-6990140]  INFO -- :   Parameters: {"fingerprint"=>"-1958592138"}
I, [2025-08-15T12:46:14.554941#518-6990140]  INFO -- : Completed 200 OK in 43ms (Views: 2.8ms | ActiveRecord: 2.4ms (123 queries, 114 cached) | GC: 0.7ms)
I, [2025-08-15T12:46:14.581662#518-6989420]  INFO -- : Started GET "/api/v1/translations/lang/en-us?_=1755254774466" for ***.***.***.*** at 2025-08-15 12:46:14 +0200
I, [2025-08-15T12:46:14.585260#518-6989420]  INFO -- : Processing by TranslationsController#lang as JSON
I, [2025-08-15T12:46:14.585305#518-6989420]  INFO -- :   Parameters: {"_"=>"1755254774466", "locale"=>"en-us"}
I, [2025-08-15T12:46:14.625917#518-6989420]  INFO -- : Completed 200 OK in 41ms (Views: 10.2ms | ActiveRecord: 19.6ms (6 queries, 1 cached) | GC: 5.8ms)
I, [2025-08-15T12:46:14.696125#523-21803860]  INFO -- : Closing session client (610840) thread
I, [2025-08-15T12:46:16.839401#518-6974340]  INFO -- : Started POST "/api/v1/signshow" for 89.244.85.232 at 2025-08-15 12:46:16 +0200
I, [2025-08-15T12:46:16.843258#518-6974340]  INFO -- : Processing by SessionsController#show as JSON
I, [2025-08-15T12:46:16.843297#518-6974340]  INFO -- :   Parameters: {"fingerprint"=>"-528574313"}
I, [2025-08-15T12:46:17.103291#518-6974340]  INFO -- : Completed 200 OK in 260ms (Views: 41.9ms | ActiveRecord: 29.5ms (375 queries, 187 cached) | GC: 19.5ms)
I, [2025-08-15T12:46:17.315293#518-7012100]  INFO -- : Started GET "/api/v1/taskbar/init?_=1755254776769" for 89.244.85.232 at 2025-08-15 12:46:17 +0200
I, [2025-08-15T12:46:17.319025#518-7012100]  INFO -- : Processing by TaskbarController#init as JSON
I, [2025-08-15T12:46:17.319132#518-7012100]  INFO -- :   Parameters: {"_"=>"1755254776769"}
9

This article describes the same problem but with OAuth2 but this dosent solve the Problem: Open Id Button shows error message after Zammad session ended instead of a login Window. · Issue #5657 · zammad/zammad · GitHub

10

Hey, in the link you provided it was suggested to do that:

After some testing, I can add for **Keycloak**, that setting a Backchannel logout URL resolves the issue. Heads-up: You need to turn off the "Front channel logout" in your client's general settings in Keycloak for the setting to appear

When I disable “Front channel logout” - (turn “off”, click on save and reload my browser) I’m not able to configure as described, because I don’t have the three logout-settings / options in the post.

grafik
grafik516×331 7.53 KB

while it should (?) look like in the post from github:

grafik
grafik871×323 31.2 KB

Using keycloak 26.3.2 - so should be pretty up-to-date. Maybe this is because SAML is usead instead of OICD?

Also, just turning it off didn’t help.

I set up SAML with keycloak bc there are official guides for it hoping it would work as expected - (talking about SAML with Keycloak — Zammad Admin Documentation documentation ) - so I did it exactly as described there.

EDIT - Maybe solved

It seems like when I configure Logout Service POST Binding URL in the Advanced client tab to https://zammad.domain.de/auth/saml/slo and turn off Front channel logout it looks like it’s working.

like:

grafik
grafik1893×1700 197 KB

So not sure If I missed that in the documentation or if it needs to be added…