Gerrit + GitHub OAuth: 404 Not Found on sign out

[Matthew McCormick]

Hi,

I have tried to configure Gerrit + GitHub OAuth plugin based on this plugin repository [1] with the stable-2.9 branch with Gerrit 2.9.  I have followed the instructions in the Gerrit book [2] and the instructions from the repository README.


While login occurs fine, logout fails. The configuration in etc/gerrit.config is

[auth]
    logoutUrl= /oauth/reset

However, after clicking the "Sign Out' link in the Gerrit UI, which redirects to this location, a 404 Not Found page is returned.


Any ideas as to what is happening? I do not know if it is related, but there are a number of authentification errors in logs/error_log [3].


Thanks,
Matt


[1] git clone https://gerrit.googlesource.com/plugins/github

[2] https://www.packtpub.com/application-development/learning-gerrit-code-review

[3] [2015-01-18 19:15:10,559] INFO  com.google.gerrit.pgm.Daemon : Gerrit Code Review 2.9 ready
[2015-01-18 19:15:17,932] ERROR com.googlesource.gerrit.plugins.github.oauth.OAuthCookieProvider : Decryption failed
javax.crypto.BadPaddingException: Given final block not properly padded
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
    at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:420)
    at javax.crypto.Cipher.doFinal(Cipher.java:1922)
    at com.googlesource.gerrit.plugins.github.oauth.TokenCipher.decode(TokenCipher.java:101)
    at com.googlesource.gerrit.plugins.github.oauth.OAuthCookie.<init>(OAuthCookie.java:72)
    at com.googlesource.gerrit.plugins.github.oauth.OAuthCookieProvider.getFromCookie(OAuthCookieProvider.java:46)
    at com.googlesource.gerrit.plugins.github.oauth.GitHubLogin.initOAuthCookie(GitHubLogin.java:105)
    at com.googlesource.gerrit.plugins.github.oauth.GitHubLogin.access$000(GitHubLogin.java:44)
    at com.googlesource.gerrit.plugins.github.oauth.GitHubLogin$Provider.get(GitHubLogin.java:55)
    at com.googlesource.gerrit.plugins.github.oauth.GitHubLogin$Provider.get(GitHubLogin.java:50)
    at com.googlesource.gerrit.plugins.github.oauth.OAuthWebFilter.doFilter(OAuthWebFilter.java:83)
    at com.googlesource.gerrit.plugins.github.oauth.OAuthFilter.doFilter(OAuthFilter.java:83)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1539)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:524)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:219)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1110)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:453)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1044)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
    at org.eclipse.jetty.server.handler.RequestLogHandler.handle(RequestLogHandler.java:92)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
    at org.eclipse.jetty.server.Server.handle(Server.java:459)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:280)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:229)
    at org.eclipse.jetty.io.AbstractConnection$1.run(AbstractConnection.java:505)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:607)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:536)
    at java.lang.Thread.run(Thread.java:745)
[2015-01-18 19:15:17,934] WARN  com.googlesource.gerrit.plugins.github.oauth.GitHubLogin : Invalid cookie detected
com.googlesource.gerrit.plugins.github.oauth.OAuthTokenException: Invalid session token RfxR2qVDjNkhanF3/U+/qWbWUBrd47KTx97yu6zls1pyUwN9n/WF2Ee9qC2O4UCYzro22wlQ1OVqBipU2hwekU0B8fpqRCRLWcr8r8yncTlYeBSb+nti1ABpo4/CQRoAIrOEY+5/bCSR2ZjRySAETA==
    at com.googlesource.gerrit.plugins.github.oauth.TokenCipher.decode(TokenCipher.java:109)
    at com.googlesource.gerrit.plugins.github.oauth.OAuthCookie.<init>(OAuthCookie.java:72)
    at com.googlesource.gerrit.plugins.github.oauth.OAuthCookieProvider.getFromCookie(OAuthCookieProvider.java:46)
    at com.googlesource.gerrit.plugins.github.oauth.GitHubLogin.initOAuthCookie(GitHubLogin.java:105)
    at com.googlesource.gerrit.plugins.github.oauth.GitHubLogin.access$000(GitHubLogin.java:44)
    at com.googlesource.gerrit.plugins.github.oauth.GitHubLogin$Provider.get(GitHubLogin.java:55)
    at com.googlesource.gerrit.plugins.github.oauth.GitHubLogin$Provider.get(GitHubLogin.java:50)
    at com.googlesource.gerrit.plugins.github.oauth.OAuthWebFilter.doFilter(OAuthWebFilter.java:83)
    at com.googlesource.gerrit.plugins.github.oauth.OAuthFilter.doFilter(OAuthFilter.java:83)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1539)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:524)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:219)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1110)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:453)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1044)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
    at org.eclipse.jetty.server.handler.RequestLogHandler.handle(RequestLogHandler.java:92)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
    at org.eclipse.jetty.server.Server.handle(Server.java:459)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:280)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:229)
    at org.eclipse.jetty.io.AbstractConnection$1.run(AbstractConnection.java:505)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:607)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:536)
    at java.lang.Thread.run(Thread.java:745)
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
    at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:420)
    at javax.crypto.Cipher.doFinal(Cipher.java:1922)
    at com.googlesource.gerrit.plugins.github.oauth.TokenCipher.decode(TokenCipher.java:101)
    ... 26 more
[2015-01-18 19:15:17,935] ERROR com.googlesource.gerrit.plugins.github.oauth.OAuthCookieProvider : Decryption failed
javax.crypto.BadPaddingException: Given final block not properly padded

[Luca Milanesio]

Hi Matthew,
unfortunately the Ver. 2.9 of the plugin is a bit obsolete now :-(

GitHub updates continuously their API and we do keep up-to-date only the master + 1.10 release of the plugin.

Can you try again with the master branch of Gerrit + GitHub plugin?
(or at least the 1.10)

Luca.

[Wulf C. Krueger]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Luca,

On 19.01.2015 15:40, Luca Milanesio wrote:
> GitHub updates continuously their API and we do keep up-to-date
> only the master + 1.10 release of the plugin. Can you try again
> with the master branch of Gerrit + GitHub plugin? (or at least the
> 1.10)

The github-plugin (ff9363b5a854ced85e4d34b76872eb8aa900d08f in
stable-2.10) has the same 404 issue on logging out.

Btw, it would help *immensely* if there was some up-to-date
documentation. Important information like github.wizardFlow doesn't
seem to be documented anywhere and I only happened to find it here by
pure chance.

- --
Best regards, Wulf
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlS9IS0ACgkQnuVXRcSi+5rPIgCfeO9vX4W7rsdX0hFTQBQqZXQ7
3x4AnjQ4teGTk3qOflBHEMGd8pjXX6kR
=D9iP
-----END PGP SIGNATURE-----

[Luca Milanesio]

Have you tried to do a clean start by resetting browser cookie and session?
Can you post the Chrome HAR traces to see what's happening from a browser's perspective?

What is happening is an error for preventing request hijacking ... but should never happen on the same browser.

P.S. Documentation is always Achille's toe ... contributions are more than welcome :-)

Luca.

> --
> --
> To unsubscribe, email repo-discuss...@googlegroups.com
> More info at http://groups.google.com/group/repo-discuss?hl=en
>
> ---
> You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

[Wulf C. Krueger]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Luca,

On 19.01.2015 16:33, Luca Milanesio wrote:
> Have you tried to do a clean start by resetting browser cookie and
> session?

Yes, indeed. And even in a different browser (even logging out, of
course). Always 404's.

The actual log out *does* work, though.

> Can you post the Chrome HAR traces to see what's happening from a
> browser's perspective?

It's the first time I even hear about it, so I hope Google explained
(and I did) it correctly:

{
"log": {
"version": "1.2",
"creator": {
"name": "WebInspector",
"version": "537.36"
},
"pages": [
{
"startedDateTime": "2015-01-19T15:48:31.829Z",
"id": "page_1",
"title": "https://galileo.mailstation.de/gerrit/logout",
"pageTimings": {
"onContentLoad": 341.5100574493408,
"onLoad": 341.3701057434082
}
}
],
"entries": [
{
"startedDateTime": "2015-01-19T15:48:31.935Z",
"time": 124.31001663208008,
"request": {
"method": "GET",
"url": "https://galileo.mailstation.de/gerrit/oauth/reset",
"httpVersion": "HTTP/1.1",
"headers": [
{
"name": "Pragma",
"value": "no-cache"
},
{
"name": "Accept-Encoding",
"value": "gzip, deflate, sdch"
},
{
"name": "Host",
"value": "galileo.mailstation.de"
},
{
"name": "Accept-Language",
"value": "en-GB,en;q=0.8,en-US;q=0.6,de;q=0.4"
},
{
"name": "User-Agent",
"value": "Mozilla/5.0 (X11; Linux x86_64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.45 Safari/537.36"
},
{
"name": "Accept",
"value":
"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
},
{
"name": "Referer",
"value": "https://galileo.mailstation.de/gerrit/"
},
{
"name": "Cookie",
"value": "JSESSIONID=uc5ldpfqmgbdli6z8pqyway3;
__utma=88724365.1638994372.1420368244.1420368244.1420368244.1;
__utmc=88724365;
__utmz=88724365.1420368244.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);

},
{
"name": "Connection",
"value": "keep-alive"
},
{
"name": "Cache-Control",
"value": "no-cache"
}
],
"queryString": [],
"cookies": [
{
"name": "JSESSIONID",
"value": "uc5ldpfqmgbdli6z8pqyway3",
"expires": null,
"httpOnly": false,
"secure": false
},
{
"name": "__utma",
"value":
"88724365.1638994372.1420368244.1420368244.1420368244.1",
"expires": null,
"httpOnly": false,
"secure": false
},
{
"name": "__utmc",
"value": "88724365",
"expires": null,
"httpOnly": false,
"secure": false
},
{
"name": "__utmz",
"value":
"88724365.1420368244.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)",
"expires": null,
"httpOnly": false,
"secure": false
},
{
"name": "wordpress_test_cookie",
"value": "WP+Cookie+check",
"expires": null,
"httpOnly": false,
"secure": false
},
{
"name": ,
"value": "expires": null,
"httpOnly": false,
"secure": false
}
],
"headersSize": 906,
"bodySize": 0
},
"response": {
"status": 404,
"statusText": "Not Found",
"httpVersion": "HTTP/1.1",
"headers": [
{
"name": "Pragma",
"value": "no-cache"
},
{
"name": "Date",
"value": "Mon, 19 Jan 2015 15:48:32 GMT"
},
{
"name": "Server",
"value": "Apache/2.4.10 (Unix) OpenSSL/1.0.1j PHP/5.5.18
mod_wsgi/4.3.0 Python/2.7.9 mod_jk/1.2.40 mod_perl/2.0.7 Perl/v5.14.2"
},
{
"name": "Content-Type",
"value": "text/plain; charset=ISO-8859-1"
},
{
"name": "Cache-Control",
"value": "no-cache, no-store, max-age=0, must-revalidate"
},
{
"name": "Connection",
"value": "Keep-Alive"
},
{
"name": "Keep-Alive",
"value": "timeout=5, max=95"
},
{
"name": "Content-Length",
"value": "9"
},
{
"name": "Expires",
"value": "Mon, 01 Jan 1990 00:00:00 GMT"
}
],
"cookies": [],
"content": {
"size": 9,
"mimeType": "text/plain",
"compression": 0
},
"redirectURL": "",
"headersSize": 430,
"bodySize": 9
},
"cache": {},
"timings": {
"blocked": 0.444000004790723,
"dns": -1,
"connect": -1,
"send": 0.16899999900488205,
"wait": 123.17400000029039,
"receive": 0.5230166279940818,
"ssl": -1
},
"connection": "555684",
"pageref": "page_1"
},
{
"startedDateTime": "2015-01-19T15:48:31.829Z",
"time": 104.80999946594238,
"request": {
"method": "GET",
"url": "https://galileo.mailstation.de/gerrit/logout",
"httpVersion": "HTTP/1.1",
"headers": [
{
"name": "Pragma",
"value": "no-cache"
},
{
"name": "Accept-Encoding",
"value": "gzip, deflate, sdch"
},
{
"name": "Host",
"value": "galileo.mailstation.de"
},
{
"name": "Accept-Language",
"value": "en-GB,en;q=0.8,en-US;q=0.6,de;q=0.4"
},
{
"name": "User-Agent",
"value": "Mozilla/5.0 (X11; Linux x86_64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.45 Safari/537.36"
},
{
"name": "Accept",
"value":
"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
},
{
"name": "Referer",
"value": "https://galileo.mailstation.de/gerrit/"
},
{
"name": "Cookie",
"value": "GerritAccount=aGeuZ9XR7ThjifihH7Jmq0M4Jn8MIkK;
JSESSIONID=uc5ldpfqmgbdli6z8pqyway3;
__utma=88724365.1638994372.1420368244.1420368244.1420368244.1;
__utmc=88724365;
__utmz=88724365.1420368244.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);

},
{
"name": "Connection",
"value": "keep-alive"
},
{
"name": "Cache-Control",
"value": "no-cache"
}
],
"queryString": [],
"cookies": [
{
"name": "GerritAccount",
"value": "aGeuZ9XR7ThjifihH7Jmq0M4Jn8MIkK",
"expires": null,
"httpOnly": false,
"secure": false
},
{
"name": "JSESSIONID",
"value": "uc5ldpfqmgbdli6z8pqyway3",
"expires": null,
"httpOnly": false,
"secure": false
},
{
"name": "__utma",
"value":
"88724365.1638994372.1420368244.1420368244.1420368244.1",
"expires": null,
"httpOnly": false,
"secure": false
},
{
"name": "__utmc",
"value": "88724365",
"expires": null,
"httpOnly": false,
"secure": false
},
{
"name": "__utmz",
"value":
"88724365.1420368244.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)",
"expires": null,
"httpOnly": false,
"secure": false
},
{
"name": "wordpress_test_cookie",
"value": "WP+Cookie+check",
"expires": null,
"httpOnly": false,
"secure": false
},
{
"name": ,
"value": ,
"expires": null,
"httpOnly": false,
"secure": false
}
],
"headersSize": 948,
"bodySize": 0
},
"response": {
"status": 302,
"statusText": "Found",
"httpVersion": "HTTP/1.1",
"headers": [
{
"name": "Date",
"value": "Mon, 19 Jan 2015 15:48:31 GMT"
},
{
"name": "Server",
"value": "Apache/2.4.10 (Unix) OpenSSL/1.0.1j PHP/5.5.18
mod_wsgi/4.3.0 Python/2.7.9 mod_jk/1.2.40 mod_perl/2.0.7 Perl/v5.14.2"
},
{
"name": "Location",
"value": "https://galileo.mailstation.de/gerrit/oauth/reset"
},
{
"name": "Set-Cookie",
"value":
"GerritAccount=\"\";Version=1;Path=/gerrit;Expires=Thu, 01-Jan-1970
00:00:00 GMT;Max-Age=0"
},
{
"name": "Connection",
"value": "Keep-Alive"
},
{
"name": "Keep-Alive",
"value": "timeout=5, max=96"
},
{
"name": "Content-Length",
"value": "0"
},
{
"name": "Expires",
"value": "Thu, 01 Jan 1970 00:00:00 GMT"
}
],
"cookies": [
{
"name": "GerritAccount",
"value": "\"\"",
"path": "/gerrit",
"expires": "2015-01-19T15:48:31.829Z",
"httpOnly": false,
"secure": false
}
],
"content": {
"size": 0,
"mimeType": "x-unknown",
"compression": 0
},
"redirectURL":
"https://galileo.mailstation.de/gerrit/oauth/reset",
"headersSize": 461,
"bodySize": 0
},
"cache": {},
"timings": {
"blocked": 0.514999999722932,
"dns": -1,
"connect": -1,
"send": 0.20399999630171806,
"wait": 103.18800000095536,
"receive": 0.9029994689623777,
"ssl": -1
},
"connection": "555684",
"pageref": "page_1"
}
]

}
}

> P.S. Documentation is always Achille's toe ... contributions are
> more than welcome :-)

I know, I know. I keep telling *my* users the same... ;-)

- --
Best regards, Wulf
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlS9KLgACgkQnuVXRcSi+5qvngCfQkYVJJxoW/wDLbyvLTvz/4Nw
J1wAoJLwPQSPGqLaKLSz+DuA7c4JIkUj
=6x6R
-----END PGP SIGNATURE-----

[Luca Milanesio]

Can you send the HAR again as attachment?

P.S. You can display your HAR graphically using https://toolbox.googleapps.com/apps/har_analyzer/ ... that's what I was trying to do by copy & pasting the HAR content :-)

Luca.

[Luca Milanesio]

It seems that now the problem is different: there is no decryption error anymore but simply your SSO logout URL configured in gerrit.config is invalid.

When logging out from Gerrit / GitHub you can specify a URL to actually logout from your OAuth token as well: the one currently configured on your config is /oauth/reset that unfortunately is not present in your set-up.
Please change the URL to something that is defined on your front-end for allowing OAuth token logout (e.g. https://github.com/logout)

NOTE: At least *this* part was documented :-) but possibly not thoroughly explained in great detail :-(

Luca.

[Wulf C. Krueger]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Luca,

On 19.01.2015 17:15, Luca Milanesio wrote:
> It seems that now the problem is different: there is no decryption
> error anymore but simply your SSO logout URL configured in
> gerrit.config is invalid.

Ah, ok, somewhere on this list, someone suggested setting it to that
value and I expect it to be handled like loginUrl (intercepted by some
mythical Jetty hook ;) ).

This is likely the same issue Matthew faces. (Sorry, Matthew, for
"hijacking" this thread but I hope the explanations help you, too.)

> Please change the URL to something that is defined on your
> front-end for allowing OAuth token logout (e.g.
> https://github.com/logout)

Ok, that did the job, thanks. Is there some way to get redirected back
to Gerrit proper instead of github's main page?

- --
Best regards, Wulf
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlS9ML0ACgkQnuVXRcSi+5oSSwCghnTDEa2A/TPPnYGCUCx3Mb7F
fUgAoJY6QXF3YDpiz/iglbklyLnm4edf
=If2G
-----END PGP SIGNATURE-----

[lucamilanesio]

On Monday, January 19, 2015 at 8:28:56 AM UTC-8, Wulf Krueger wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Luca,

On 19.01.2015 17:15, Luca Milanesio wrote:
> It seems that now the problem is different: there is no decryption
> error anymore but simply your SSO logout URL configured in
> gerrit.config is invalid.

Ah, ok, somewhere on this list, someone suggested setting it to that
value and I expect it to be handled like loginUrl (intercepted by some
mythical Jetty hook ;) ).

This is likely the same issue Matthew faces. (Sorry, Matthew, for
"hijacking" this thread but I hope the explanations help you, too.)

You could just even go back to the Gerrit home page after logout :-)

Just I thought that made sense to allow the user (if he wants) to actually logout completely instead of just from Gerrit.

 

> Please change the URL to something that is defined on your
> front-end for allowing OAuth token logout (e.g.
> https://github.com/logout)

Ok, that did the job, thanks. Is there some way to get redirected back
to Gerrit proper instead of github's main page?

Yes, just put "/" as redirect URL :-)

Luca.

[Wulf C. Krueger]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Luca,

On 19.01.2015 23:38, lucamilanesio wrote:
> Ok, that did the job, thanks. Is there some way to get redirected
> back to Gerrit proper instead of github's main page?
>> Yes, just put "/" as redirect URL :-)

Oh... After reading this three times, I face-palmed, realised how this
actually works and would like to thank you profusely for your patience. :)


Now that I configured it correctly, the sign out part works perfectly,
of course. :)

- --
Best regards, Wulf
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlS9iwEACgkQnuVXRcSi+5rcGwCg2/0GG3zAPPKrdfkM0mpFGJev
4OIAn3eGv0iRQSH9sGZQsziF1dMOMHeu
=Nitg
-----END PGP SIGNATURE-----

[Matthew McCormick]

Hi Luca and Wulf,

On Monday, January 19, 2015 at 5:54:02 PM UTC-5, Wulf Krueger wrote:

On 19.01.2015 23:38, lucamilanesio wrote:
> Ok, that did the job, thanks. Is there some way to get redirected
> back to Gerrit proper instead of github's main page?
>> Yes, just put "/" as redirect URL :-)

Oh... After reading this three times, I face-palmed, realised how this
actually works and would like to thank you profusely for your patience. :)

This was exactly the problem I was facing!  I have set:

[auth]

  logoutUrl = /

in the etc/gerrit.config, and all works as expected.

The README currently suggests /oauth/reset -- I think "/" is a better default if this is not expected to behave out of the box.

Thank you very much for the suggestion!

Matt