[keycloak-user] single logout

Stian Thorgersen stian at redhat.com
Wed Jan 7 07:54:46 EST 2015


Currently the trust manager is actually disabled for these requests so that won't be the problem. We have an outstanding issue to fix this.

----- Original Message -----
> From: "Hubert Przybysz" <h.p.przybysz at gmail.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: "keycloak-user" <keycloak-user at lists.jboss.org>
> Sent: Wednesday, 7 January, 2015 1:45:03 PM
> Subject: Re: [keycloak-user] single logout
> 
> It is reachable but perhaps it is a truststore issue.
> 
> Which truststore is used by the server, the one configured in jboss for
> https connector, or some other ?
> 
> On Wed, Jan 7, 2015 at 1:25 PM, Stian Thorgersen <stian at redhat.com> wrote:
> 
> > Looks like a configuration issue (or a bug) you should not have to
> > implement anything as long as you use our adapters.
> >
> > Did you set the admin url correctly for the app? It has to be reachable
> > from the Keycloak server. Also, if your app is behind a proxy or is
> > clustered that can also impact on the config.
> >
> > ----- Original Message -----
> > > From: "Hubert Przybysz" <h.p.przybysz at gmail.com>
> > > To: "Stian Thorgersen" <stian at redhat.com>
> > > Cc: "keycloak-user" <keycloak-user at lists.jboss.org>
> > > Sent: Wednesday, 7 January, 2015 1:18:58 PM
> > > Subject: Re: [keycloak-user] single logout
> > >
> > > I'm using your server-side java adapters. When I logout in one
> > application
> > > I'm getting the exception below when the server tries to logout the
> > second
> > > application (which led me to think I need to implement something).
> > >
> > > Logout for application 'app-2' failed:
> > > org.apache.http.conn.HttpHostConnectException: Connection to https:/
> > > xx.xx.net refused
> > > at
> > >
> > org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:190)
> > > [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
> > > at
> > >
> > org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:151)
> > > [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
> > > at
> > >
> > org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:125)
> > > [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
> > > at
> > >
> > org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640)
> > > [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
> > > at
> > >
> > org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
> > > [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
> > > at
> > >
> > org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
> > > [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
> > > at
> > >
> > org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
> > > [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
> > > at
> > >
> > org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor.execute(ApacheHttpClient4Executor.java:182)
> > > [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
> > > at
> > >
> > org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:39)
> > > [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
> > > at
> > >
> > org.jboss.resteasy.plugins.interceptors.encoding.AcceptEncodingGZIPInterceptor.execute(AcceptEncodingGZIPInterceptor.java:40)
> > > [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
> > > at
> > >
> > org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:45)
> > > [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
> > > at
> > org.jboss.resteasy.client.ClientRequest.execute(ClientRequest.java:444)
> > > [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
> > > at
> > >
> > org.jboss.resteasy.client.ClientRequest.httpMethod(ClientRequest.java:688)
> > > [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
> > > at org.jboss.resteasy.client.ClientRequest.post(ClientRequest.java:572)
> > > [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
> > > at
> > >
> > org.keycloak.services.managers.ResourceAdminManager.sendLogoutRequest(ResourceAdminManager.java:275)
> > > [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
> > > at
> > >
> > org.keycloak.services.managers.ResourceAdminManager.logoutClientSessions(ResourceAdminManager.java:207)
> > > [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
> > > at
> > >
> > org.keycloak.services.managers.ResourceAdminManager.logoutClientSession(ResourceAdminManager.java:167)
> > > [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
> > > at
> > >
> > org.keycloak.protocol.oidc.OpenIDConnect.backchannelLogout(OpenIDConnect.java:143)
> > > [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
> > > at
> > >
> > org.keycloak.services.managers.AuthenticationManager.logout(AuthenticationManager.java:97)
> > > [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
> > > at
> > >
> > org.keycloak.protocol.oidc.OpenIDConnectService.logout(OpenIDConnectService.java:994)
> > > [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
> > > at
> > >
> > org.keycloak.protocol.oidc.OpenIDConnectService.logout(OpenIDConnectService.java:927)
> > > [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
> > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > > [rt.jar:1.7.0_72]
> > >
> > >
> > > On Wed, Jan 7, 2015 at 12:53 PM, Stian Thorgersen <stian at redhat.com>
> > wrote:
> > >
> > > > What adapters are you using? Our adapters already have built-in support
> > > > for this. Server-side adapters (JEE) uses the admin url, while
> > client-side
> > > > (JS) uses a special iframe to detect logout.
> > > >
> > > > ----- Original Message -----
> > > > > From: "Hubert Przybysz" <h.p.przybysz at gmail.com>
> > > > > To: "keycloak-user" <keycloak-user at lists.jboss.org>
> > > > > Sent: Wednesday, 7 January, 2015 12:19:12 PM
> > > > > Subject: [keycloak-user] single logout
> > > > >
> > > > > Hi,
> > > > >
> > > > > I'm looking for information on how to implement single logout across
> > > > > applications in the realm. There is an Admin URL setting per
> > application
> > > > in
> > > > > the realm admin GUI which is to be set if the application supports
> > "the
> > > > > adapter REST API", but I failed to find any information about this
> > API.
> > > > Is
> > > > > this the API to use for single logout ?
> > > > >
> > > > > Br / Hubert.
> > > > >
> > > > > _______________________________________________
> > > > > keycloak-user mailing list
> > > > > keycloak-user at lists.jboss.org
> > > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > > >
> > >
> >
> 


More information about the keycloak-user mailing list