[keycloak-user] Session timeout and SIngle Logout
Leonid Rozenblyum
lrozenblyum at gmail.com
Wed Sep 26 03:33:47 EDT 2018
Hello!
I'm using pac4j + Spring Security + keycloak as an Idp + SAML as an SSO
protocol.
I have a question about how to handle session timeout correctly for session
timeout scenario.
SCENARIO:
Let's have 2 web applications (WebApp1, WebApp2)
Let WebApp2 have some small session timeout (for easiness of testing, e.g.
1 minute)
Log-in into WebApp1
Open WebApp2 in another tab of the same browser (so the user will be
authenticated automatically through keycloak)
Close the tab with WebApp2
Wait till the session of WebApp2 expires
Try to log-out from WebApp1
EXPECTED:
Single Logout works
ACTUALLY:
We're relogined to WebApp1
Reason:
We got redirected to Idp, then to WebApp2, inside WebApp2
Security library cannot cannot load the SSO-related information because it
doesn't longer exist in the session (the session has been expired).
So the single Logout procedure fails and we are still logged-in.
Does keycloak have some support for this kind of scenario? Any workarounds
can be applied? It looks to be a not very rare situation when the user
closes the browser tab.
Thanks in advance for help!
More information about the keycloak-user
mailing list