Though what leaves us puzzled, is the following from the keycloak documentation:
"It is possible to omit the confirmation and do automatic redirect to the application when you include parameter post_logout_redirect_uri together with the parameter id_token_hint with the ID Token used for login."
They are both included in the url, but it still throws 404, probably searching for the confirmation page.

Also the custom theme / login inherits from keycloak theme, that inherits from base, so the deafult confirmation page should be there.

Additional info: we upgraded from 14, and the new 18 version is from a legacy docker image, so we still use WildFly.

We discovered that the id_token_hint, that keycloak-js provides are not exactly the same as the token we got from the backend.
e.g. the "typ" is ID vs. Bearer, And the aud is different.
We also tried to replace the keycloak-js generated token to the Bearer in the url, but still getting the 404.

Also when the post_logout_redirect_uri was https://---oursite---.org/some_subpage, and we got 404, we replaced it with https://---oursite---.org in the url, and pressed enter, and it logged out correctly, and arrived on the login page.
But now we tried to send the redirectUri from frontend using keycloak-js set to https://---oursite---.org, that set the post_logout_redirect_uri to https://---oursite---.org, and we still get 404.

Additional info: we use the same docker image with same setup locally and on the server.
Locally logout works correctly.
The only exception is that on the server we are setting the KEYCLOAK_FRONTEND_URL to https://---oursite---.org/auth/ (This worked so far)
and on the server the requests/responses are going through nginx. Maybe nginx not forwarding the full large url? I'm checking that next.

We found that the issue is the query limitation in IIS.
The logout url length with the query was 2800 chars.
This brings up an other idea though: Wouldn't it be nicer to make the logout a POST request and send the token_id_hint and the post_logout_redirect_uri in the body?

So, how do you fix the issue @adnsimona . I have some issue.
Thanks

@adnsimona Glad that you figured the issue. Sorry for the late response. Some alternative solution is (should surely work in Keycloak 19, not 100% sure if supported in Keycloak 18) that instead of using OIDC logout GET request, you can use POST request. This should help with the query limit. Using the POST request for the logout is currently not supported in the OIDC javascript adapter. I think it can be supported to add the flag option for the keycloak.js logout method to use the POST method for the logout instead of the GET method. So this would be purely task for the javascript adapter (nothing needed on the Keycloak server).

Considering this, I am moving this to the area/adapter/javascript and also I am adding label "Help wanted" as Keycloak team won't have time to look at this in the near future, so it would need to be a community contribution

It is related nginx configuration. nginx has character limitation in default configuration.
For fixing, we added this parameter in nginx conf:

proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;