<div dir="ltr"><div>hi bill,</div><div><br></div><div>Thanks for the solution given and it has resolved the first issue ( login to the app via pl sp filter but the login session cannot be seen in keycloak admin console)</div><div><br></div><div>However now there are few more issues with single sign out.</div><div><br></div><div>a) When i click on the global logout link (<a href="http://localhost:8080/employee/?GLO=true">http://localhost:8080/employee/?GLO=true</a>), the page just did a self refresh and it&#39;s not redirected to keycloak login page. I can see the keycloak session was gone from the keycloak admin console but the sample employee session still there.</div><div><br></div><div>b)  When i click on the local logout link (<a href="http://localhost:8080/employee/?LLO=true">http://localhost:8080/employee/?LLO=true</a>), the page just did a self refresh and it&#39;s not redirected to keycloak login page. I can see the keycloak session still in the keycloak admin console but the sample employee session still there.</div><div><br></div><div>c) When i click on the logout link (<a href="http://localhost:8080/employee/logout.jsp">http://localhost:8080/employee/logout.jsp</a>), the page just did a self refresh and it&#39;s not redirected to keycloak login page. I noticed the keycloak session still in the keycloak admin console but the sample employee session still there. Just wondering do i need to implement session.invalidate() in the logout,jsp but how to invalidate the keycloak session?</div><br><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Mar 4, 2015 at 11:12 PM, Bill Burke <span dir="ltr">&lt;<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Ok, I may have diagnosed the problem.  Go to the admin console.  Go to the definition of your application.  Look at the Admin Url.  Does it have a &quot;/&quot; at the end of the URL?  If not, add a &#39;/&#39; at the end of this.<br>
<br>
i.e.<br>
<br>
<a href="http://somhere.com/app/" target="_blank">http://somhere.com/app/</a><br>
<br>
If that solves the issue, let me know and I&#39;ll explain what is going on.  FYI, I ran into the same problem running the SAML example in the distro and this fixed the problem.<span class=""><br>
<br>
<br>
<br>
<br>
On 3/4/2015 9:07 AM, Chen Keong Yap wrote:<br>
</span><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
Hi bill,<br>
<br><span class="">
If i understand from you correctly,<br>
PL SAML SP and keycloak adapters are the same and referring to below items.<br>
<br>
Tomcat 6, 7, 8<br>
Jetty 8, 9<br>
EAP 6.x<br>
Wildfly<br>
Node.js<br>
Browser Javascript adapter.<br>
<br>
So far i have tested PL SAML SP filter using the following libs and it<br>
got the same 2 issues that was mentioned in the previous email.<br>
<br>
Picketlink lib : Picketlink 2.70 cr2, picketlink 2.5.3 (commercial)<br>
<br>
keycloak lib : keycloak 1.1.0 final, keycloak 1.1.0 beta 2<br>
<br>
On Mar 4, 2015 9:44 PM, &quot;Bill Burke&quot; &lt;<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a><br></span><span class="">
&lt;mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>&gt;&gt; wrote:<br>
<br>
    Our testsuite uses PL SAML SP, not the filter though, and it works<br>
    fine.  I&#39;d have to recreate the problem using the PL SAML SP filter.<br>
<br>
    On 3/4/2015 8:04 AM, Chen Keong Yap wrote:<br>
<br>
        Hi bill,<br>
<br>
        Yup. I have configured the app in keycloak admin console. However i<br>
        encountered 2 issues.<br>
<br>
        First issue is that i was able to login to the app via pl sp<br>
        filter but<br>
        the login session cannot be seen in keycloak admin console<br>
<br>
        Second issue is that global logout was not working and the<br>
        landing page<br>
        just did a self refresh.<br>
<br>
        On Mar 4, 2015 8:55 PM, &quot;Bill Burke&quot; &lt;<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a><br>
        &lt;mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>&gt;<br></span><div><div class="h5">
        &lt;mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a> &lt;mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>&gt;&gt;&gt; wrote:<br>
<br>
             You can still use the PL Filter SP.  Just configure the<br>
        application<br>
             in the admin console to use SAML.<br>
<br>
             On 3/3/2015 11:36 PM, Chen Keong Yap wrote:<br>
<br>
                 Hi bill,<br>
<br>
                 the existing adapters cannot support jboss eap 5.0.2 and<br>
                 websphere 8.5<br>
                 and we are not allowed to use keycloak proxy.<br>
<br>
                 can you suggest any other alternative similar to<br>
        picketlink sp<br>
                 filter?<br>
<br>
                 On Tue, Mar 3, 2015 at 11:45 PM, Bill Burke<br>
        &lt;<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a> &lt;mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>&gt;<br>
                 &lt;mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a> &lt;mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>&gt;&gt;<br>
                 &lt;mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a> &lt;mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>&gt;<br>
        &lt;mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a> &lt;mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>&gt;&gt;&gt;&gt; wrote:<br>
<br>
                      There is no Keycloak SP filter.  We have various<br>
        adapters<br>
                 for different<br>
                      platforms that hook into servlet security to make<br>
                 integration seamless:<br>
<br>
                      Tomcat 6, 7, 8<br>
                      Jetty 8, 9<br>
                      EAP 6.x<br>
                      Wildfly<br>
                      Node.js<br>
                      Browser Javascript adapter.<br>
<br>
                      On 3/2/2015 10:22 PM, Chen Keong Yap wrote:<br>
                       &gt; Hi,<br>
                       &gt;<br>
                       &gt; Please share some lights for implementing<br>
        Keycloak sp<br>
                 filter which is<br>
                       &gt; similar to picketlink sp filter.<br>
                       &gt;<br>
                       &gt;<br></div></div>
        org.picketlink.identity.____<u></u>federation.web.filters.____<u></u>SPFilter<br>
                       &gt;<br>
                       &gt;<br>
                       &gt; ______________________________<u></u>_____________________<span class=""><br>
                       &gt; keycloak-user mailing list<br>
                       &gt; <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
        &lt;mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>&gt;<br>
                 &lt;mailto:<a href="mailto:keycloak-user@lists." target="_blank">keycloak-user@lists.</a>__<a href="http://jboss.org" target="_blank"><u></u>jboss.org</a><br>
        &lt;mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>&gt;&gt;<br></span>
                 &lt;mailto:<a href="mailto:keycloak-user@lists" target="_blank">keycloak-user@lists</a>.<br>
        &lt;mailto:<a href="mailto:keycloak-user@lists" target="_blank">keycloak-user@lists</a>.&gt;_<u></u>___<a href="http://jboss.org" target="_blank">jboss.org</a> &lt;<a href="http://jboss.org" target="_blank">http://jboss.org</a>&gt;<br>
                 &lt;mailto:<a href="mailto:keycloak-user@lists." target="_blank">keycloak-user@lists.</a>__<a href="http://jboss.org" target="_blank"><u></u>jboss.org</a><br>
        &lt;mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>&gt;&gt;&gt;<br>
                       &gt;<br>
        <a href="https://lists.jboss.org/____mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/____<u></u>mailman/listinfo/keycloak-user</a><br>
        &lt;<a href="https://lists.jboss.org/__mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/__<u></u>mailman/listinfo/keycloak-user</a><u></u>&gt;<br>
<br>
        &lt;<a href="https://lists.jboss.org/__mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/__<u></u>mailman/listinfo/keycloak-user</a><br>
        &lt;<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/<u></u>mailman/listinfo/keycloak-user</a><u></u>&gt;__&gt;<span class=""><br>
                       &gt;<br>
<br>
                      --<br>
                      Bill Burke<br>
                      JBoss, a division of Red Hat<br>
        <a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br></span>
                      ______________________________<u></u>_____________________<span class=""><br>
                      keycloak-user mailing list<br>
        <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a> &lt;mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>&gt;<br>
                 &lt;mailto:<a href="mailto:keycloak-user@lists." target="_blank">keycloak-user@lists.</a>__<a href="http://jboss.org" target="_blank"><u></u>jboss.org</a><br>
        &lt;mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>&gt;&gt;<br></span>
                 &lt;mailto:<a href="mailto:keycloak-user@lists" target="_blank">keycloak-user@lists</a>.<br>
        &lt;mailto:<a href="mailto:keycloak-user@lists" target="_blank">keycloak-user@lists</a>.&gt;_<u></u>___<a href="http://jboss.org" target="_blank">jboss.org</a> &lt;<a href="http://jboss.org" target="_blank">http://jboss.org</a>&gt;<br>
                 &lt;mailto:<a href="mailto:keycloak-user@lists." target="_blank">keycloak-user@lists.</a>__<a href="http://jboss.org" target="_blank"><u></u>jboss.org</a><br>
        &lt;mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>&gt;&gt;&gt;<br>
        <a href="https://lists.jboss.org/____mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/____<u></u>mailman/listinfo/keycloak-user</a><br>
        &lt;<a href="https://lists.jboss.org/__mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/__<u></u>mailman/listinfo/keycloak-user</a><u></u>&gt;<br>
<br>
        &lt;<a href="https://lists.jboss.org/__mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/__<u></u>mailman/listinfo/keycloak-user</a><br>
        &lt;<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/<u></u>mailman/listinfo/keycloak-user</a><u></u>&gt;__&gt;<span class=""><br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
             --<br>
             Bill Burke<br>
             JBoss, a division of Red Hat<br>
        <a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
<br>
<br>
    --<br>
    Bill Burke<br>
    JBoss, a division of Red Hat<br>
    <a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
<br>
</span></blockquote><div class=""><div class="h5">
<br>
-- <br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div><br><div class="gmail_signature"><div dir="ltr"><div style="text-align:left"><br></div></div></div>
</div></div>