[keycloak-user] logout not working with IDPs

Nijo Johny nijo.johny at aol.com
Mon Nov 20 09:57:10 EST 2017


Hello,

My use case: enable user SSO with multiple IdPs such as Okta, OneLogin, ADFS etc.


I have single sign-on working with all IdPs, no problems. But logout is not working.


Here is my setup.


Our front-end (single-page) application is configured as an OIDC client to Keycloak. Keycloak acts as broker to all external IdPs using SAML. Okta, ADFS and OneLogin are configured as Identity Providers under the realm.


To enable logout on the Okta side there is an option "Allow application to initiate Single Logout". But for this, I need to provide 3 parameters:


1. Single Logout url (The location of where the logout response will be sent)
2. SP Issuer (The issuer of the service provider)
3. Signature Certificate. (Determines the public key certificate used to verify the digital signature).


I need help with 2 and 3. Keycloak documentation says realm keys are used to sign, but
how do I export this from Keycloak to import into Okta? Okta only allows importing it.
What should I provide for SP Issuer?


Note: Back channel logout is not enabled.


Regards,
NJ
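
Added example (editor's note, not part of the original post and not Keycloak's or Okta's code): the three values the Okta form asks for are all published in the SAML SP metadata that Keycloak generates for each brokered identity provider, and the "Signature Certificate" Okta wants is exactly the realm signing certificate the poster mentions, because Okta uses it to verify the signature on the LogoutRequest Keycloak sends. The script below parses such a descriptor and prints the SP Issuer (the `entityID`), the Single Logout URL(s), and the signing certificate re-wrapped as PEM for Okta's upload box. The metadata document embedded in the script is constructed for the example (placeholder certificate body, example.com hostnames); the descriptor path in `fetch_keycloak_sp_metadata` (`/realms/<realm>/broker/<alias>/endpoint/descriptor`, with an `/auth` prefix on older releases) is the path as I recall it and should be checked against the Keycloak version in use.

```python
"""Extract the values Okta's "Allow application to initiate Single Logout"
form needs from a Keycloak broker SP metadata document.

Mapping used here (assumption about Okta's form, stated in the lead-in):
  entityID                   -> Okta "SP Issuer"
  KeyDescriptor use=signing  -> Okta "Signature Certificate" (realm signing key)
  SingleLogoutService        -> Okta "Single Logout URL"
"""
import textwrap
import urllib.request
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample modelled on a Keycloak broker SP descriptor.
# The certificate body is a placeholder string, not a real certificate.
SAMPLE_CERT_B64 = "MIIBxTCCAW6gAwIBAgIUTz" + "Q" * 110 + "="
SAMPLE_METADATA = f"""<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sso.example.com/auth/realms/myrealm">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>
            {SAMPLE_CERT_B64[:64]}
            {SAMPLE_CERT_B64[64:]}
          </ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sso.example.com/auth/realms/myrealm/broker/okta/endpoint"/>
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sso.example.com/auth/realms/myrealm/broker/okta/endpoint"/>
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sso.example.com/auth/realms/myrealm/broker/okta/endpoint"
        index="1" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def to_pem(b64_body: str) -> str:
    """Wrap the bare base64 DER blob from metadata into PEM (64-char lines)."""
    body = "".join(b64_body.split())  # drop the line breaks/indent metadata adds
    return "\n".join(["-----BEGIN CERTIFICATE-----",
                      *textwrap.wrap(body, 64),
                      "-----END CERTIFICATE-----"]) + "\n"


def parse_sp_metadata(xml_text: str) -> dict:
    """Return SP Issuer, signing certificate(s) as PEM and SLO endpoints."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is IdP metadata, not SP metadata")

    # Per the SAML metadata spec a KeyDescriptor with no 'use' attribute is
    # valid for both signing and encryption, so only an explicit
    # use="encryption" is skipped.
    certs = []
    for kd in sp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue
        for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            certs.append(to_pem(c.text or ""))
    if not certs:
        raise ValueError("no signing certificate published; the IdP cannot "
                         "verify signed LogoutRequests from this SP")

    slo = {s.get("Binding"): s.get("Location")
           for s in sp.findall("md:SingleLogoutService", NS)}
    return {
        "sp_issuer": root.get("entityID"),
        "signature_certificates": certs,
        "single_logout_urls": slo,
        "authn_requests_signed": sp.get("AuthnRequestsSigned") == "true",
    }


def fetch_keycloak_sp_metadata(base_url: str, realm: str, alias: str) -> str:
    """Download the broker descriptor. Path is an assumption; verify for your version."""
    url = f"{base_url.rstrip('/')}/realms/{realm}/broker/{alias}/endpoint/descriptor"
    with urllib.request.urlopen(url, timeout=10) as resp:  # TLS verified by default
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    info = parse_sp_metadata(SAMPLE_METADATA)
    print("SP Issuer         :", info["sp_issuer"])
    for binding, location in info["single_logout_urls"].items():
        print("Single Logout URL :", location, "(" + binding.rsplit(":", 1)[-1] + ")")
    print("Signature Certificate:\n" + info["signature_certificates"][0])
```

Two practical caveats follow from this: whichever certificate is uploaded to Okta must match the realm key that is currently active for signing, so rotating realm keys in Keycloak silently breaks SP-initiated SLO until Okta is updated; and the Single Logout URL Okta asks for is the broker endpoint that will receive the LogoutResponse, which the metadata lists per binding, so pick the binding Okta is configured to use.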


