[keycloak-user] Logout with openid-connect is not invalidating the session cookie.
Scott Rossillo
srossillo at smartling.com
Wed Sep 21 14:29:47 EDT 2016
Which adapter are you using?
Scott Rossillo
Smartling | Senior Software Engineer
srossillo at smartling.com
> On Sep 21, 2016, at 2:03 PM, Sean Schade <sean.schade at drillinginfo.com> wrote:
>
> We are having an issue where our browser application will initiate a logout, but after redirecting back to the application the user is not taken to the login screen. It appears the user is still logged in, and can fully access the application. I can see the session removed in Keycloak Admin UI. However, it appears the cookie never gets invalidated. Here is the redirect URL we use. Are we missing some configuration step in the client? I have standard flow, implicit flow, and direct access grants enabled. Valid redirect URIs, Base URL, and web origins are all configured in the client. Admin URL is not set as we are relying only on browser logout.
>
> https://auth.dev.drillinginfo.com/auth/realms/dev/protocol/openid-connect/logout?redirect_uri=https%3A%2F%2Fapp.dev.drillinginfo.com/gallery/ <https://auth.dev.drillinginfo.com/auth/realms/dev/protocol/openid-connect/logout?redirect_uri=https%3A%2F%2Fapp.dev.drillinginfo.com/gallery/>_______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160921/42af72f6/attachment.html
More information about the keycloak-user
mailing list