[keycloak-dev] Improving SSO logout performance
Marko Strukelj
mstrukel at redhat.com
Thu Feb 11 14:41:12 EST 2016
There is one neat side-effect of current implementation in that it is
immediately apparent when backchannel events don't work due to
misconfiguration or firewall issues.
If the proposed optimisation is implemented I think we should add some
logging on the server that will make it very obvious when backchannel
events fail.
On Thu, Feb 11, 2016 at 5:57 PM, Marek Posolda <mposolda at redhat.com> wrote:
> Few things, which we can possibly do:
>
> - Currently when application initiates logout through
> servletRequest.logout , it sends request to Keycloak logout endpoint.
> This endpoint then sends backchannel request to all logged clients with
> registered admin URL. I think we can improve here and not send request
> to the original application, which initiated logout.
>
> For example: When product-portal application initiates logout through
> servletRequest.logout, the adapter itself should be already able to do
> all logout actions on it's side (invalidate httpSession etc) and there
> is no need to send another request from keycloak to product-portal to
> logout same httpSession.
>
> - Backchannel logout requests send by Keycloak (ResourceAdminManager)
> could be send in parallel. Currently they are send sequentially, which
> is not very optimal.
>
> WDYT?
>
> Marek
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
More information about the keycloak-dev
mailing list