[keycloak-user] single logout

Hubert Przybysz h.p.przybysz at gmail.com
Wed Jan 7 07:45:03 EST 2015


It is reachable but perhaps it is a truststore issue.

Which truststore is used by the server, the one configured in jboss for
https connector, or some other ?

On Wed, Jan 7, 2015 at 1:25 PM, Stian Thorgersen <stian at redhat.com> wrote:

> Looks like a configuration issue (or a bug) you should not have to
> implement anything as long as you use our adapters.
>
> Did you set the admin url correctly for the app? It has to be reachable
> from the Keycloak server. Also, if your app is behind a proxy or is
> clustered that can also impact on the config.
>
> ----- Original Message -----
> > From: "Hubert Przybysz" <h.p.przybysz at gmail.com>
> > To: "Stian Thorgersen" <stian at redhat.com>
> > Cc: "keycloak-user" <keycloak-user at lists.jboss.org>
> > Sent: Wednesday, 7 January, 2015 1:18:58 PM
> > Subject: Re: [keycloak-user] single logout
> >
> > I'm using your server-side java adapters. When I logout in one
> application
> > I'm getting the exception below when the server tries to logout the
> second
> > application (which led me to think I need to implement something).
> >
> > Logout for application 'app-2' failed:
> > org.apache.http.conn.HttpHostConnectException: Connection to https:/
> > xx.xx.net refused
> > at
> >
> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:190)
> > [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
> > at
> >
> org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:151)
> > [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
> > at
> >
> org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:125)
> > [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
> > at
> >
> org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640)
> > [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
> > at
> >
> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
> > [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
> > at
> >
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
> > [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
> > at
> >
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
> > [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
> > at
> >
> org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor.execute(ApacheHttpClient4Executor.java:182)
> > [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
> > at
> >
> org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:39)
> > [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
> > at
> >
> org.jboss.resteasy.plugins.interceptors.encoding.AcceptEncodingGZIPInterceptor.execute(AcceptEncodingGZIPInterceptor.java:40)
> > [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
> > at
> >
> org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:45)
> > [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
> > at
> org.jboss.resteasy.client.ClientRequest.execute(ClientRequest.java:444)
> > [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
> > at
> >
> org.jboss.resteasy.client.ClientRequest.httpMethod(ClientRequest.java:688)
> > [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
> > at org.jboss.resteasy.client.ClientRequest.post(ClientRequest.java:572)
> > [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
> > at
> >
> org.keycloak.services.managers.ResourceAdminManager.sendLogoutRequest(ResourceAdminManager.java:275)
> > [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
> > at
> >
> org.keycloak.services.managers.ResourceAdminManager.logoutClientSessions(ResourceAdminManager.java:207)
> > [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
> > at
> >
> org.keycloak.services.managers.ResourceAdminManager.logoutClientSession(ResourceAdminManager.java:167)
> > [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
> > at
> >
> org.keycloak.protocol.oidc.OpenIDConnect.backchannelLogout(OpenIDConnect.java:143)
> > [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
> > at
> >
> org.keycloak.services.managers.AuthenticationManager.logout(AuthenticationManager.java:97)
> > [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
> > at
> >
> org.keycloak.protocol.oidc.OpenIDConnectService.logout(OpenIDConnectService.java:994)
> > [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
> > at
> >
> org.keycloak.protocol.oidc.OpenIDConnectService.logout(OpenIDConnectService.java:927)
> > [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > [rt.jar:1.7.0_72]
> >
> >
> > On Wed, Jan 7, 2015 at 12:53 PM, Stian Thorgersen <stian at redhat.com>
> wrote:
> >
> > > What adapters are you using? Our adapters already have built-in support
> > > for this. Server-side adapters (JEE) uses the admin url, while
> client-side
> > > (JS) uses a special iframe to detect logout.
> > >
> > > ----- Original Message -----
> > > > From: "Hubert Przybysz" <h.p.przybysz at gmail.com>
> > > > To: "keycloak-user" <keycloak-user at lists.jboss.org>
> > > > Sent: Wednesday, 7 January, 2015 12:19:12 PM
> > > > Subject: [keycloak-user] single logout
> > > >
> > > > Hi,
> > > >
> > > > I'm looking for information on how to implement single logout across
> > > > applications in the realm. There is an Admin URL setting per
> application
> > > in
> > > > the realm admin GUI which is to be set if the application supports
> "the
> > > > adapter REST API", but I failed to find any information about this
> API.
> > > Is
> > > > this the API to use for single logout ?
> > > >
> > > > Br / Hubert.
> > > >
> > > > _______________________________________________
> > > > keycloak-user mailing list
> > > > keycloak-user at lists.jboss.org
> > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150107/92fb78ad/attachment.html 


More information about the keycloak-user mailing list