[keycloak-user] Keycloak SAML tomcat adapter and correct log-out
Luis Rodríguez Fernández
uo67113 at gmail.com
Tue Oct 9 11:40:37 EDT 2018
Hello Leonind,
Sorry for being so late to the GLO party...
For me the keycloak global logout works, except for the "tiny little
detail" that keycloak fails veryfing my IdP signature response, you can
have a look here [1]
Apart from [2] there is no other documentation.
For me setting validateResponseSignature="false" in SingleLogoutService
works. However I would like to make it work with the signature verification.
Did you manage to make it fully working on your side?
Cheers,
Luis
[1]
http://lists.jboss.org/pipermail/keycloak-user/2018-September/015420.html
[2] https://www.keycloak.org/docs/latest/securing_apps/index.html#logout-2
El lun., 21 may. 2018 a las 11:51, Leonid Rozenblyum (<lrozenblyum at gmail.com>)
escribió:
> Hello!
>
> I'm using a keycloak tomcat SAML adapter and I have a question related to
> ?GLO=true way of logging-out (since Tomcat doesn't implement full JavaEE
> stack, request.logout() is not the way to go, right?).
>
> When I use GLO=true, my session inside the Keycloak is indeed invalidated
> however the local session in Tomcat is not.
>
> When I try session.invalidate() and then redirect to GLO=true, sometimes my
> protected page still can be loaded.
>
> Is there a robust documented way to do the logout with help of Keycloak
> SAML tomcat adapter?
>
> Thanks
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
- Samuel Beckett
More information about the keycloak-user
mailing list