Spring Security OidcBackChannelLogoutHandler#logoutUrl not configurable, context path missing from default

Describe the bug * When logging out using backchannel-logout, the OidcBackChannelLogoutHandler handles this by generating logout requests to localhost * The URL generated is http://localhost/logout, but this skips the context path. As a result, this runs into a 404 * Given an application with context path /my-application, I would expect: http://localhost/my-application/logout * It also seems to fail if the logoutUrl was configured to something else than /logout

To Reproduce * Set up an application with back-channel logout on keycloak * Set up keycloak with debug logging * Log out by terminating the session on key cloak

Expected behavior * The internally generated log-out does not produce a 404

Proposals * A) Make the feature aware of the context path * B) Make the feature respect reconfiguration of logoutUrl * C) Instead of generating internal requests, use the API to terminate the session

Comment From: lmorocz

It is configurable since 6.2.4, see #14679 (and #14609).

eg. .oidcLogout(lc -> lc.backChannel(c -> c.logoutUri("{baseScheme}://{baseHost}{basePort}{basePath}/logout"))))

Comment From: JuergenSimon

I was still debugging against the 6.2.3 version. I can confirm that with an upgrade to 6.2.4, it works as advertised. Thanks!