[keycloak-user] backchannel logout, Logout-all-sessions as user
Jan Bartosz
janek.bartosz at gmail.com
Fri Jun 2 01:58:49 EDT 2017
HI,
Many Thanks for reply!
The issue is that I've created EventListener in order to do some audit
logging from caught events. So , for example when user performs
frontend/browser login/logout actions, corresponding
events(EventType.LOGIN/LOGOUT) are sent, so I can log that info to my audit
log. However, on 'Mange account '-> 'Sessions' I can 'Log out all
sessions' and this action does not send any event, so I'm not able to log
via my EventListener anything.
So, the lack of event is done by purpose, or do you plan maybe to introduce
it?
Kind Regards!
2017-06-01 18:15 GMT+02:00 Bill Burke <bburke at redhat.com>:
> backchannel logouts require authenticated and authorized requests. So
> what's the problem? don't understand
>
>
> On 6/1/17 10:29 AM, Jan Bartosz wrote:
> > Hi,
> >
> > My concern is about logging 'logout-all-sessions' action as a user. I see
> > AdminEvent is raised in case admin invokes it.
> > I assume it was done by purpose - is there some rule/specification
> behind,
> > like "backchannel logouts shouldn't be exposed to the outside world"?
> > Is there a way I can create some provider/broker/... maybe aspect, or
> > extend some behaviour to catch this backchannel-logout?
> >
> > Many Thanks in advance!
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list