<div dir="ltr">It turned out to be a FW configuration issue after all. <div><br></div><div>Now that the adapters get k_logout properly, I'm assuming that the way for a jee application to learn about the logout is by listening to the HttpSession, correct ?</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jan 7, 2015 at 1:54 PM, Stian Thorgersen <span dir="ltr"><<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Currently the trust manager is actually disabled for these requests so that won't be the problem. We have an outstanding issue to fix this.<br>
<span class="im HOEnZb"><br>
----- Original Message -----<br>
> From: "Hubert Przybysz" <<a href="mailto:h.p.przybysz@gmail.com">h.p.przybysz@gmail.com</a>><br>
> To: "Stian Thorgersen" <<a href="mailto:stian@redhat.com">stian@redhat.com</a>><br>
> Cc: "keycloak-user" <<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>><br>
</span><div class="HOEnZb"><div class="h5">> Sent: Wednesday, 7 January, 2015 1:45:03 PM<br>
> Subject: Re: [keycloak-user] single logout<br>
><br>
> It is reachable but perhaps it is a truststore issue.<br>
><br>
> Which truststore is used by the server, the one configured in jboss for<br>
> https connector, or some other ?<br>
><br>
> On Wed, Jan 7, 2015 at 1:25 PM, Stian Thorgersen <<a href="mailto:stian@redhat.com">stian@redhat.com</a>> wrote:<br>
><br>
> > Looks like a configuration issue (or a bug) you should not have to<br>
> > implement anything as long as you use our adapters.<br>
> ><br>
> > Did you set the admin url correctly for the app? It has to be reachable<br>
> > from the Keycloak server. Also, if your app is behind a proxy or is<br>
> > clustered that can also impact on the config.<br>
> ><br>
> > ----- Original Message -----<br>
> > > From: "Hubert Przybysz" <<a href="mailto:h.p.przybysz@gmail.com">h.p.przybysz@gmail.com</a>><br>
> > > To: "Stian Thorgersen" <<a href="mailto:stian@redhat.com">stian@redhat.com</a>><br>
> > > Cc: "keycloak-user" <<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>><br>
> > > Sent: Wednesday, 7 January, 2015 1:18:58 PM<br>
> > > Subject: Re: [keycloak-user] single logout<br>
> > ><br>
> > > I'm using your server-side java adapters. When I logout in one<br>
> > application<br>
> > > I'm getting the exception below when the server tries to logout the<br>
> > second<br>
> > > application (which led me to think I need to implement something).<br>
> > ><br>
> > > Logout for application 'app-2' failed:<br>
> > > org.apache.http.conn.HttpHostConnectException: Connection to https:/<br>
> > > <a href="http://xx.xx.net" target="_blank">xx.xx.net</a> refused<br>
> > > at<br>
> > ><br>
> > org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:190)<br>
> > > [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<br>
> > > at<br>
> > ><br>
> > org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:151)<br>
> > > [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<br>
> > > at<br>
> > ><br>
> > org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:125)<br>
> > > [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<br>
> > > at<br>
> > ><br>
> > org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640)<br>
> > > [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<br>
> > > at<br>
> > ><br>
> > org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)<br>
> > > [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<br>
> > > at<br>
> > ><br>
> > org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)<br>
> > > [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<br>
> > > at<br>
> > ><br>
> > org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)<br>
> > > [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<br>
> > > at<br>
> > ><br>
> > org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor.execute(ApacheHttpClient4Executor.java:182)<br>
> > > [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]<br>
> > > at<br>
> > ><br>
> > org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:39)<br>
> > > [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]<br>
> > > at<br>
> > ><br>
> > org.jboss.resteasy.plugins.interceptors.encoding.AcceptEncodingGZIPInterceptor.execute(AcceptEncodingGZIPInterceptor.java:40)<br>
> > > [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]<br>
> > > at<br>
> > ><br>
> > org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:45)<br>
> > > [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]<br>
> > > at<br>
> > org.jboss.resteasy.client.ClientRequest.execute(ClientRequest.java:444)<br>
> > > [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]<br>
> > > at<br>
> > ><br>
> > org.jboss.resteasy.client.ClientRequest.httpMethod(ClientRequest.java:688)<br>
> > > [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]<br>
> > > at org.jboss.resteasy.client.ClientRequest.post(ClientRequest.java:572)<br>
> > > [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]<br>
> > > at<br>
> > ><br>
> > org.keycloak.services.managers.ResourceAdminManager.sendLogoutRequest(ResourceAdminManager.java:275)<br>
> > > [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]<br>
> > > at<br>
> > ><br>
> > org.keycloak.services.managers.ResourceAdminManager.logoutClientSessions(ResourceAdminManager.java:207)<br>
> > > [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]<br>
> > > at<br>
> > ><br>
> > org.keycloak.services.managers.ResourceAdminManager.logoutClientSession(ResourceAdminManager.java:167)<br>
> > > [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]<br>
> > > at<br>
> > ><br>
> > org.keycloak.protocol.oidc.OpenIDConnect.backchannelLogout(OpenIDConnect.java:143)<br>
> > > [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]<br>
> > > at<br>
> > ><br>
> > org.keycloak.services.managers.AuthenticationManager.logout(AuthenticationManager.java:97)<br>
> > > [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]<br>
> > > at<br>
> > ><br>
> > org.keycloak.protocol.oidc.OpenIDConnectService.logout(OpenIDConnectService.java:994)<br>
> > > [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]<br>
> > > at<br>
> > ><br>
> > org.keycloak.protocol.oidc.OpenIDConnectService.logout(OpenIDConnectService.java:927)<br>
> > > [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]<br>
> > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)<br>
> > > [rt.jar:1.7.0_72]<br>
> > ><br>
> > ><br>
> > > On Wed, Jan 7, 2015 at 12:53 PM, Stian Thorgersen <<a href="mailto:stian@redhat.com">stian@redhat.com</a>><br>
> > wrote:<br>
> > ><br>
> > > > What adapters are you using? Our adapters already have built-in support<br>
> > > > for this. Server-side adapters (JEE) uses the admin url, while<br>
> > client-side<br>
> > > > (JS) uses a special iframe to detect logout.<br>
> > > ><br>
> > > > ----- Original Message -----<br>
> > > > > From: "Hubert Przybysz" <<a href="mailto:h.p.przybysz@gmail.com">h.p.przybysz@gmail.com</a>><br>
> > > > > To: "keycloak-user" <<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>><br>
> > > > > Sent: Wednesday, 7 January, 2015 12:19:12 PM<br>
> > > > > Subject: [keycloak-user] single logout<br>
> > > > ><br>
> > > > > Hi,<br>
> > > > ><br>
> > > > > I'm looking for information on how to implement single logout across<br>
> > > > > applications in the realm. There is an Admin URL setting per<br>
> > application<br>
> > > > in<br>
> > > > > the realm admin GUI which is to be set if the application supports<br>
> > "the<br>
> > > > > adapter REST API", but I failed to find any information about this<br>
> > API.<br>
> > > > Is<br>
> > > > > this the API to use for single logout ?<br>
> > > > ><br>
> > > > > Br / Hubert.<br>
> > > > ><br>
> > > > > _______________________________________________<br>
> > > > > keycloak-user mailing list<br>
> > > > > <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> > > > > <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
> > > ><br>
> > ><br>
> ><br>
><br>
</div></div></blockquote></div><br></div>