[keycloak-user] Http Session is not invalidated
Chen Keong Yap
chenkeong.yap at izeno.com
Sun Apr 5 18:41:20 EDT 2015
Guys,
Can you share your ideas on why global logout is not working?
On Apr 3, 2015 3:47 PM, "Chen Keong Yap" <chenkeong.yap at izeno.com> wrote:
> Hi Marek,
>
> I've just tested backchannel logout and it's showing the same issue. Both
> applications are using PL SP Filter and the steps below are used for
> testing.
>
> 1. Open https://localhost:8443/employee/ and http request is redirected
> to https://localhost:8443/auth/realms/saml-demo-1/protocol/saml
>
> 2. Enter username and password into keycloak login page and redirected to
> employee landing page
>
> 3. Open https://localhost:8443/sales-post/ and redirected to sales-post
> landing page without login
>
> 4. Logon to keycloak admin console and noticed there are 2 active sessions
>
> 5. Perform global logout from employee landing page (
> https://localhost:8443/employee/?GLO=true) and http request is redirected
> to https://localhost:8443/auth/realms/saml-demo-1/protocol/saml
>
> 6. Logon to keycloak admin console and noticed all sessions are gone
>
> 7. Refresh sales-post landing page and it's not redirected to keycloak
> login page. The sales-post session is still active.
>
> Kindly advise why GLO is performed but the second application's (sales-post)
> session is still active?
>
> On Fri, Apr 3, 2015 at 3:36 PM, Marek Posolda <mposolda at redhat.com> wrote:
>
>> Switch the "Front channel logout" to off. In this case it should use
>> backchannel (not redirecting through browser, but sending logout requests
>> from Keycloak in background)
>>
>> Marek
>>
>>
>>
>> On 3.4.2015 08:28, Chen Keong Yap wrote:
>>
>>
>> Hi Marek,
>>
>> I've tried frontChannel logout in 1.2.0.Beta1 and it's giving me the
>> same issues, please refer to the settings shown in the screen shot.
>>
>> Can you please advise how to test backchannel logout?
>>
>>
>> [image: Inline image 1]
>>
>>
>>
>> On Fri, Apr 3, 2015 at 1:50 PM, Marek Posolda <mposolda at redhat.com>
>> wrote:
>>
>>> I would try to upgrade to latest 1.2.0.Beta1 as it has some related
>>> fixes AFAIK.
>>>
>>> In this version, you also have the possibility to set up either frontChannel
>>> logout or backchannel logout for the application. It could be set in
>>> Keycloak admin console. I think that at least one of them will work with SP
>>> filter in latest version (if not both).
>>>
>>> Marek
>>>
>>>
>>> On 3.4.2015 01:44, Chen Keong Yap wrote:
>>>
>>> Hi,
>>>
>>> I've 2 applications installed with Picketlink SPFilter to authenticate
>>> with keycloak 1.1.0 beta 2.
>>>
>>> When I perform global logout, the first application was logged out
>>> successfully because the SP/keycloak session and application http session are
>>> removed, but the problem is that the second application's SP/keycloak
>>> session is removed while its application http session still remains.
>>> I've set the admin url for these 2 applications in the keycloak
>>> admin console. Kindly share your ideas.
>>>
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 71582 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20150406/d3ca96ae/attachment-0001.png