[keycloak-dev] Improving SSO logout performance
Marek Posolda
mposolda at redhat.com
Thu Feb 11 11:57:05 EST 2016
Few things, which we can possibly do:
- Currently when application initiates logout through
servletRequest.logout , it sends request to Keycloak logout endpoint.
This endpoint then sends backchannel request to all logged clients with
registered admin URL. I think we can improve here and not send request
to the original application, which initiated logout.
For example: When product-portal application initiates logout through
servletRequest.logout, the adapter itself should be already able to do
all logout actions on it's side (invalidate httpSession etc) and there
is no need to send another request from keycloak to product-portal to
logout same httpSession.
- Backchannel logout requests send by Keycloak (ResourceAdminManager)
could be send in parallel. Currently they are send sequentially, which
is not very optimal.
WDYT?
Marek
More information about the keycloak-dev
mailing list