[keycloak-user] OIDC certification: single logout with mod_auth_openidc

[Stian Thorgersen]

Looks like our iframe implementation is not correct according to the spec.
Added https://issues.jboss.org/browse/KEYCLOAK-3625 to be fixed for 2.3.

With regards to front/back channel logout specs they are still in draft and
are also optional specifications. We will consider implementing these in
the future.

On 26 September 2016 at 16:47, Bill Burke <bburke at redhat.com> wrote:

> Our Javascript adapter supports the iframe session management stuff.
> Also, OIDC added a logout endpoint.  See front and back channel logout
> specs:
>
> http://openid.net/connect/
>
> We may do something proprietary here, but no reason we can't support those
> new specs.
>
> On 9/26/16 7:53 AM, Valerij Timofeev wrote:
>
> Hi,
>
> I wonder whether the topic of Session Management will be covered by the
> OIDC certification
> https://issues.jboss.org/browse/KEYCLOAK-524
>
> I'm asking this question because there is an issue with single logout in
> mod_aut_openidc:
> According to the main mod_aut_openidc project's contributor Hans Zandbelt the
> implementation in Keycloak "is not an implementation of OpenID Connect's
> Session Management. Looking at the spec: http://openid.net/specs/
> openid-connect-session-1_0.html#OPiframe..."
> <http://openid.net/specs/openid-connect-session-1_0.html#OPiframe>
> Details can be found in https://github.com/pingidentity/mod_auth_openidc/
> issues/175
>
> Best regards
> Valerij
>
>
> _______________________________________________
> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160928/7e781510/attachment.html