[keycloak-user] RP-initiated backchannel logout

Мартынов Илья imartynovsp at gmail.com
Mon Jan 21 03:10:24 EST 2019


Hello,
My RP should support dropping a user's session by an admin. I need to drop the KC
session together with the RP's session. But I can't use frontchannel here, as
the admin is dropping the session for another user. So RP-initiated backchannel
logout is required. I see no docs about this functionality in KC. We use
OpenID Connect between RP and KC, so I've searched the protocol specs.
From section "3. RP-Initiated Logout Functionality" of
https://openid.net/specs/openid-connect-backchannel-1_0.html and from
section "5. RP-Initiated Logout" of
https://openid.net/specs/openid-connect-session-1_0.html one can conclude
that sending a backchannel request to the end_session_endpoint with an ID token
should drop the session on the KC side.

Could you please comment, is my understanding correct?

