edwin · wengkee · Jan 17, 2025 · Jan 17, 2025
diff --git a/README.md b/README.md
@@ -8,6 +8,22 @@ A sample java code to demonstrate a Spring Boot 3 integration with Keycloak 17.
 - Keycloak 17
 - Red Hat OpenJDK 17
 
+## Testing Login and Logout Steps
+1. Start Keycloak server locally
+1. Create a realm
+1. Create a client
+1. In client, configure:          
+    - root url: http://localhost:8081
+    - home url: http://localhost:8081/login
+    - valid redirect url: *
+    - valid post logout redirect URIs: * 
+    - web origin: +
+
+1. Goto localhost:8081/login
+1. Keyin username/password
+1. Goto localhost:8081/logout, follow the steps
+1. Expectation is the logout will redirect back to localhost:8081/login
+
 ## Screenshots
 Keycloak User Profile
 

diff --git a/src/main/java/com/edw/config/SecurityConfiguration.java b/src/main/java/com/edw/config/SecurityConfiguration.java
@@ -1,5 +1,7 @@
 package com.edw.config;
 
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -19,6 +21,12 @@
 @EnableWebSecurity
 public class SecurityConfiguration {
 
+    @Value( "${spring.security.oauth2.client.provider.external.issuer-uri}" )
+    private String keycloakUri;
+
+    @Value( "${spring.security.oauth2.client.registration.external.client-id}" )
+    private String keycloakClientId;
+
     @Bean
     public SecurityFilterChain configure(HttpSecurity http) throws Exception {
         http
@@ -40,7 +48,7 @@ public SecurityFilterChain configure(HttpSecurity http) throws Exception {
                                 .fullyAuthenticated()
                 .and()
                     .logout()
-                    .logoutSuccessUrl("http://localhost:8080/realms/external/protocol/openid-connect/logout?redirect_uri=http://localhost:8081/");
+                    .logoutSuccessUrl(keycloakUri + "/protocol/openid-connect/logout?client_id=" + keycloakClientId);
 
         return http.build();
     }