[keycloak-user] backchannel logout, Logout-all-sessions as user
Marek Posolda
mposolda at redhat.com
Fri Jun 2 11:06:09 EDT 2017
You're right. It seems we somehow missing the event for Account
management logout. Could you please create JIRA for it?
Eventually if you want to submit PR, feel free to do that. The code is
in AccountService.processSessionsLogout . The test is already in
AccountTest.sessions() and it is calling events.expectLogout(), but
doesn't call "assertEvent()" in the end, so the assertion error is
currently not thrown even if it doesn't work.
Thanks,
Marek
On 02/06/17 07:58, Jan Bartosz wrote:
> HI,
>
> Many Thanks for reply!
> The issue is that I've created EventListener in order to do some audit
> logging from caught events. So , for example when user performs
> frontend/browser login/logout actions, corresponding
> events(EventType.LOGIN/LOGOUT) are sent, so I can log that info to my audit
> log. However, on 'Mange account '-> 'Sessions' I can 'Log out all
> sessions' and this action does not send any event, so I'm not able to log
> via my EventListener anything.
> So, the lack of event is done by purpose, or do you plan maybe to introduce
> it?
>
> Kind Regards!
>
>
> 2017-06-01 18:15 GMT+02:00 Bill Burke <bburke at redhat.com>:
>
>> backchannel logouts require authenticated and authorized requests. So
>> what's the problem? don't understand
>>
>>
>> On 6/1/17 10:29 AM, Jan Bartosz wrote:
>>> Hi,
>>>
>>> My concern is about logging 'logout-all-sessions' action as a user. I see
>>> AdminEvent is raised in case admin invokes it.
>>> I assume it was done by purpose - is there some rule/specification
>> behind,
>>> like "backchannel logouts shouldn't be exposed to the outside world"?
>>> Is there a way I can create some provider/broker/... maybe aspect, or
>>> extend some behaviour to catch this backchannel-logout?
>>>
>>> Many Thanks in advance!
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list