[keycloak-dev] Improving SSO logout performance
Scott Rossillo
srossillo at smartling.com
Thu Feb 11 14:39:01 EST 2016
Why not just kick off the backchannel logout requests sent by Keycloak asynchronously? The logout requesting app can’t do anything if they fail anyway.
Scott Rossillo
Smartling | Senior Software Engineer
srossillo at smartling.com
> On Feb 11, 2016, at 11:57 AM, Marek Posolda <mposolda at redhat.com> wrote:
>
> Few things, which we can possibly do:
>
> - Currently when application initiates logout through
> servletRequest.logout , it sends request to Keycloak logout endpoint.
> This endpoint then sends backchannel request to all logged clients with
> registered admin URL. I think we can improve here and not send request
> to the original application, which initiated logout.
>
> For example: When product-portal application initiates logout through
> servletRequest.logout, the adapter itself should be already able to do
> all logout actions on it's side (invalidate httpSession etc) and there
> is no need to send another request from keycloak to product-portal to
> logout same httpSession.
>
> - Backchannel logout requests send by Keycloak (ResourceAdminManager)
> could be send in parallel. Currently they are send sequentially, which
> is not very optimal.
>
> WDYT?
>
> Marek
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160211/16744702/attachment-0001.html
More information about the keycloak-dev
mailing list