[keycloak-user] single logout

Hubert Przybysz h.p.przybysz at gmail.com
Wed Jan 7 17:13:30 EST 2015


Thanks for your help.

On Wed, Jan 7, 2015 at 3:15 PM, Stian Thorgersen <stian at redhat.com> wrote:

>
>
> ----- Original Message -----
> > From: "Hubert Przybysz" <h.p.przybysz at gmail.com>
> > To: "Stian Thorgersen" <stian at redhat.com>
> > Cc: "keycloak-user" <keycloak-user at lists.jboss.org>
> > Sent: Wednesday, 7 January, 2015 3:06:32 PM
> > Subject: Re: [keycloak-user] single logout
> >
> > It turned out to be a FW configuration issue after all.
> >
> > Now that the adapters get k_logout properly, I'm assuming that the way
> for
> > a jee application to learn about the logout is by listening to the
> > HttpSession, correct ?
>
> AFAIK that's the only way yes
>
> >
> > On Wed, Jan 7, 2015 at 1:54 PM, Stian Thorgersen <stian at redhat.com>
> wrote:
> >
> > > Currently the trust manager is actually disabled for these requests so
> > > that won't be the problem. We have an outstanding issue to fix this.
> > >
> > > ----- Original Message -----
> > > > From: "Hubert Przybysz" <h.p.przybysz at gmail.com>
> > > > To: "Stian Thorgersen" <stian at redhat.com>
> > > > Cc: "keycloak-user" <keycloak-user at lists.jboss.org>
> > > > Sent: Wednesday, 7 January, 2015 1:45:03 PM
> > > > Subject: Re: [keycloak-user] single logout
> > > >
> > > > It is reachable but perhaps it is a truststore issue.
> > > >
> > > > Which truststore is used by the server, the one configured in jboss
> for
> > > > https connector, or some other ?
> > > >
> > > > On Wed, Jan 7, 2015 at 1:25 PM, Stian Thorgersen <stian at redhat.com>
> > > wrote:
> > > >
> > > > > Looks like a configuration issue (or a bug) you should not have to
> > > > > implement anything as long as you use our adapters.
> > > > >
> > > > > Did you set the admin url correctly for the app? It has to be
> reachable
> > > > > from the Keycloak server. Also, if your app is behind a proxy or is
> > > > > clustered that can also impact on the config.
> > > > >
> > > > > ----- Original Message -----
> > > > > > From: "Hubert Przybysz" <h.p.przybysz at gmail.com>
> > > > > > To: "Stian Thorgersen" <stian at redhat.com>
> > > > > > Cc: "keycloak-user" <keycloak-user at lists.jboss.org>
> > > > > > Sent: Wednesday, 7 January, 2015 1:18:58 PM
> > > > > > Subject: Re: [keycloak-user] single logout
> > > > > >
> > > > > > I'm using your server-side java adapters. When I logout in one
> > > > > application
> > > > > > I'm getting the exception below when the server tries to logout
> the
> > > > > second
> > > > > > application (which led me to think I need to implement
> something).
> > > > > >
> > > > > > Logout for application 'app-2' failed:
> > > > > > org.apache.http.conn.HttpHostConnectException: Connection to
> https:/
> > > > > > xx.xx.net refused
> > > > > > at
> > > > > >
> > > > >
> > >
> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:190)
> > > > > > [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
> > > > > > at
> > > > > >
> > > > >
> > >
> org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:151)
> > > > > > [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
> > > > > > at
> > > > > >
> > > > >
> > >
> org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:125)
> > > > > > [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
> > > > > > at
> > > > > >
> > > > >
> > >
> org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640)
> > > > > > [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
> > > > > > at
> > > > > >
> > > > >
> > >
> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
> > > > > > [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
> > > > > > at
> > > > > >
> > > > >
> > >
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
> > > > > > [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
> > > > > > at
> > > > > >
> > > > >
> > >
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
> > > > > > [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
> > > > > > at
> > > > > >
> > > > >
> > >
> org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor.execute(ApacheHttpClient4Executor.java:182)
> > > > > > [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
> > > > > > at
> > > > > >
> > > > >
> > >
> org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:39)
> > > > > > [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
> > > > > > at
> > > > > >
> > > > >
> > >
> org.jboss.resteasy.plugins.interceptors.encoding.AcceptEncodingGZIPInterceptor.execute(AcceptEncodingGZIPInterceptor.java:40)
> > > > > > [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
> > > > > > at
> > > > > >
> > > > >
> > >
> org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:45)
> > > > > > [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
> > > > > > at
> > > > >
> org.jboss.resteasy.client.ClientRequest.execute(ClientRequest.java:444)
> > > > > > [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
> > > > > > at
> > > > > >
> > > > >
> > >
> org.jboss.resteasy.client.ClientRequest.httpMethod(ClientRequest.java:688)
> > > > > > [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
> > > > > > at
> > > org.jboss.resteasy.client.ClientRequest.post(ClientRequest.java:572)
> > > > > > [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
> > > > > > at
> > > > > >
> > > > >
> > >
> org.keycloak.services.managers.ResourceAdminManager.sendLogoutRequest(ResourceAdminManager.java:275)
> > > > > > [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
> > > > > > at
> > > > > >
> > > > >
> > >
> org.keycloak.services.managers.ResourceAdminManager.logoutClientSessions(ResourceAdminManager.java:207)
> > > > > > [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
> > > > > > at
> > > > > >
> > > > >
> > >
> org.keycloak.services.managers.ResourceAdminManager.logoutClientSession(ResourceAdminManager.java:167)
> > > > > > [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
> > > > > > at
> > > > > >
> > > > >
> > >
> org.keycloak.protocol.oidc.OpenIDConnect.backchannelLogout(OpenIDConnect.java:143)
> > > > > > [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
> > > > > > at
> > > > > >
> > > > >
> > >
> org.keycloak.services.managers.AuthenticationManager.logout(AuthenticationManager.java:97)
> > > > > > [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
> > > > > > at
> > > > > >
> > > > >
> > >
> org.keycloak.protocol.oidc.OpenIDConnectService.logout(OpenIDConnectService.java:994)
> > > > > > [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
> > > > > > at
> > > > > >
> > > > >
> > >
> org.keycloak.protocol.oidc.OpenIDConnectService.logout(OpenIDConnectService.java:927)
> > > > > > [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
> > > > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > > > > > [rt.jar:1.7.0_72]
> > > > > >
> > > > > >
> > > > > > On Wed, Jan 7, 2015 at 12:53 PM, Stian Thorgersen <
> stian at redhat.com>
> > > > > wrote:
> > > > > >
> > > > > > > What adapters are you using? Our adapters already have built-in
> > > support
> > > > > > > for this. Server-side adapters (JEE) uses the admin url, while
> > > > > client-side
> > > > > > > (JS) uses a special iframe to detect logout.
> > > > > > >
> > > > > > > ----- Original Message -----
> > > > > > > > From: "Hubert Przybysz" <h.p.przybysz at gmail.com>
> > > > > > > > To: "keycloak-user" <keycloak-user at lists.jboss.org>
> > > > > > > > Sent: Wednesday, 7 January, 2015 12:19:12 PM
> > > > > > > > Subject: [keycloak-user] single logout
> > > > > > > >
> > > > > > > > Hi,
> > > > > > > >
> > > > > > > > I'm looking for information on how to implement single logout
> > > across
> > > > > > > > applications in the realm. There is an Admin URL setting per
> > > > > application
> > > > > > > in
> > > > > > > > the realm admin GUI which is to be set if the application
> > > supports
> > > > > "the
> > > > > > > > adapter REST API", but I failed to find any information about
> > > this
> > > > > API.
> > > > > > > Is
> > > > > > > > this the API to use for single logout ?
> > > > > > > >
> > > > > > > > Br / Hubert.
> > > > > > > >
> > > > > > > > _______________________________________________
> > > > > > > > keycloak-user mailing list
> > > > > > > > keycloak-user at lists.jboss.org
> > > > > > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150107/e588d20c/attachment-0001.html 


More information about the keycloak-user mailing list