[keycloak-user] single logout

Hubert Przybysz h.p.przybysz at gmail.com
Wed Jan 7 07:18:58 EST 2015


I'm using your server-side java adapters. When I logout in one application
I'm getting the exception below when the server tries to logout the second
application (which led me to think I need to implement something).

Logout for application 'app-2' failed:
org.apache.http.conn.HttpHostConnectException: Connection to https:/
xx.xx.net refused
at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:190)
[httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
at
org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:151)
[httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
at
org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:125)
[httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
at
org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640)
[httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
[httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
[httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
[httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
at
org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor.execute(ApacheHttpClient4Executor.java:182)
[resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
at
org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:39)
[resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
at
org.jboss.resteasy.plugins.interceptors.encoding.AcceptEncodingGZIPInterceptor.execute(AcceptEncodingGZIPInterceptor.java:40)
[resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
at
org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:45)
[resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
at org.jboss.resteasy.client.ClientRequest.execute(ClientRequest.java:444)
[resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
at
org.jboss.resteasy.client.ClientRequest.httpMethod(ClientRequest.java:688)
[resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
at org.jboss.resteasy.client.ClientRequest.post(ClientRequest.java:572)
[resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
at
org.keycloak.services.managers.ResourceAdminManager.sendLogoutRequest(ResourceAdminManager.java:275)
[keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
at
org.keycloak.services.managers.ResourceAdminManager.logoutClientSessions(ResourceAdminManager.java:207)
[keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
at
org.keycloak.services.managers.ResourceAdminManager.logoutClientSession(ResourceAdminManager.java:167)
[keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
at
org.keycloak.protocol.oidc.OpenIDConnect.backchannelLogout(OpenIDConnect.java:143)
[keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
at
org.keycloak.services.managers.AuthenticationManager.logout(AuthenticationManager.java:97)
[keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
at
org.keycloak.protocol.oidc.OpenIDConnectService.logout(OpenIDConnectService.java:994)
[keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
at
org.keycloak.protocol.oidc.OpenIDConnectService.logout(OpenIDConnectService.java:927)
[keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[rt.jar:1.7.0_72]


On Wed, Jan 7, 2015 at 12:53 PM, Stian Thorgersen <stian at redhat.com> wrote:

> What adapters are you using? Our adapters already have built-in support
> for this. Server-side adapters (JEE) uses the admin url, while client-side
> (JS) uses a special iframe to detect logout.
>
> ----- Original Message -----
> > From: "Hubert Przybysz" <h.p.przybysz at gmail.com>
> > To: "keycloak-user" <keycloak-user at lists.jboss.org>
> > Sent: Wednesday, 7 January, 2015 12:19:12 PM
> > Subject: [keycloak-user] single logout
> >
> > Hi,
> >
> > I'm looking for information on how to implement single logout across
> > applications in the realm. There is an Admin URL setting per application
> in
> > the realm admin GUI which is to be set if the application supports "the
> > adapter REST API", but I failed to find any information about this API.
> Is
> > this the API to use for single logout ?
> >
> > Br / Hubert.
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150107/2be4a67d/attachment-0001.html 


More information about the keycloak-user mailing list