[keycloak-user] Logout with openid-connect is not invalidating the session cookie.
Sean Schade
sean.schade at drillinginfo.com
Wed Sep 21 14:03:02 EDT 2016
We are having an issue where our browser application will initiate a
logout, but after redirecting back to the application the user is not taken
to the login screen. It appears the user is still logged in, and can fully
access the application. I can see the session removed in Keycloak Admin UI.
However, it appears the cookie never gets invalidated. Here is the redirect
URL we use. Are we missing some configuration step in the client? I have
standard flow, implicit flow, and direct access grants enabled. Valid
redirect URIs, Base URL, and web origins are all configured in the client.
Admin URL is not set as we are relying only on browser logout.
https://auth.dev.drillinginfo.com/auth/realms/dev/protocol/openid-connect/logout?redirect_uri=https%3A%2F%2Fapp.dev.drillinginfo.com/gallery/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160921/7e060d7a/attachment.html
More information about the keycloak-user
mailing list