Logout does not work with openid/keycloak

[eastclintw00d]

I am trying to migrate a server from shinyproxy 3.0.2 to 3.1.1. Everything worked fine so far only the logout button is not working. It leads to the /logout-success endpoint but if I click on “Login again” I am directly logged in and land on the index page.

Here is the relevant part of my config:

proxy:
  title: Some Title
  hide-navbar: false
  #  landing-page: /app/dashboard
  template-path: ./templates/mytemplate
  logo-url: https://some/logo/url.svg
  favicon-path: /www/favicon.png
  heartbeat-rate: 10000
  heartbeat-timeout: 600000
  container-wait-time: 60000
  port: 8080
  admin-groups: admin
  authentication: openid
  openid:
    auth-url: https://identity.services.example.com/auth/realms/TEST/protocol/openid-connect/auth
    token-url: https://identity.services.example.com/auth/realms/TEST/protocol/openid-connect/token
    jwks-url: https://identity.services.example.com/auth/realms/TEST/protocol/openid-connect/certs
    client-id: Testclient
    client-secret: <<my-secret>>
    username-attribute: email
    roles-claim: realm_roles
    logout-url: https://my.example.com/logout-success
  docker:
    internal-networking: true
  specs:
[...]

logging:
  level:
    root: DEBUG
  file:
    shinyproxy.log

server:
  forward-headers-strategy: "native"
  servlet.session.timeout: 3600

And here is what the DEBUG log says:

2024-09-10T11:06:52.888Z DEBUG 1 --- [  XNIO-1 task-8] io.undertow.request.security             : Attempting to authenticate /logout, authentication required: false
2024-09-10T11:06:52.888Z DEBUG 1 --- [  XNIO-1 task-8] io.undertow.request.security             : Authentication outcome was NOT_ATTEMPTED with method io.undertow.security.impl.CachedAuthenticatedSessionMechanism@73b8e122 for /logout
2024-09-10T11:06:52.889Z DEBUG 1 --- [  XNIO-1 task-8] io.undertow.request.security             : Authentication result was ATTEMPTED for /logout
2024-09-10T11:06:52.889Z DEBUG 1 --- [  XNIO-1 task-8] io.undertow.request                      : Matched default handler path /logout
2024-09-10T11:06:52.889Z DEBUG 1 --- [  XNIO-1 task-8] io.undertow.request                      : Matched default handler path /logout
2024-09-10T11:06:52.891Z DEBUG 1 --- [  XNIO-1 task-8] o.s.security.web.FilterChainProxy        : Securing GET /logout
2024-09-10T11:06:52.891Z DEBUG 1 --- [  XNIO-1 task-8] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=Name: [[email protected]], Granted A>
2024-09-10T11:06:52.892Z DEBUG 1 --- [  XNIO-1 task-8] o.s.s.w.a.logout.LogoutFilter            : Logging out [OAuth2AuthenticationToken [Principal=Name: [[email protected]], Granted Authorities: [[OIDC_USER, SCOPE_em>
2024-09-10T11:06:52.892Z  INFO 1 --- [  XNIO-1 task-8] e.o.containerproxy.service.UserService   : User logged out [user: [email protected]]
2024-09-10T11:06:52.892Z DEBUG 1 --- [  XNIO-1 task-8] io.undertow.session                      : Invalidating session eT7apEnoV_Cfce_vhh9NlttH2iNQkv0YDIUY4KV2 for exchange HttpServerExchange{ GET /logout}
2024-09-10T11:06:52.892Z DEBUG 1 --- [  XNIO-1 task-8] o.s.s.w.s.HttpSessionEventPublisher      : Publishing event: org.springframework.security.web.session.HttpSessionDestroyedEvent[source=io.undertow.servlet.spec.HttpSessionImpl@3adb5>
2024-09-10T11:06:52.893Z DEBUG 1 --- [  XNIO-1 task-8] o.s.s.w.a.l.SecurityContextLogoutHandler : Invalidated session eT7apEnoV_Cfce_vhh9NlttH2iNQkv0YDIUY4KV2
2024-09-10T11:06:52.894Z DEBUG 1 --- [  XNIO-1 task-8] o.s.s.web.DefaultRedirectStrategy        : Redirecting to https://my.example.com/logout-success
2024-09-10T11:06:52.895Z DEBUG 1 --- [  XNIO-1 I/O-24] io.undertow.request.io                   : UT005013: An IOException occurred

Any hint for finding the problem is greatly appreciated.