[keycloak-user] Proxy users remain logged in when logged out in the backend

Niko Köbler niko at n-k.de
Fri Feb 13 05:41:11 EST 2015


I think there’s a state problem when using applications behind a Keycloak Proxy solution.

This is our scenario:
An application is „secured“ only behind a Keycloak proxy.
In some of our use cases, the session will be killed/logged out in the backend, before (proxy cookie) timeout.
As now the proxy cookie is still set (and valid), the proxy assumes the user still to be logged in and injects still the header fields. The proxy doesn’t know that the user has been logged out.
We switched now the „always-refresh-token“ option to „true“ in the proxy application configuration and it works as expected. But this will have impacts on performance and is not our preferred way of handling this issue.

Is there any other way of notifying the proxy of logged out users?
Can we use the Admin URL for this? If yes, how?

- Niko

More information about the keycloak-user mailing list