<p dir="ltr">Hi bill,</p>
<p dir="ltr">Please advise when the patch for logout will be released? Can you share what is with the logout?</p>
<div class="gmail_quote">On Mar 10, 2015 2:02 AM, "Bill Burke" <<a href="mailto:bburke@redhat.com">bburke@redhat.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I fixed some bugs around logout in 1.2, master git, but we're not releasing this for a few weeks. I don't know if that is your problem or not. I have not yet been able to take the time to reproduce your problems on 1.1 yet.<br>
<br>
On 3/8/2015 9:53 PM, Chen Keong Yap wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
hi bill,<br>
<br>
can you advise regarding the global sign out issue?<br>
<br>
On Thu, Mar 5, 2015 at 9:29 AM, Chen Keong Yap <<a href="mailto:chenkeong.yap@izeno.com" target="_blank">chenkeong.yap@izeno.com</a><br>
<mailto:<a href="mailto:chenkeong.yap@izeno.com" target="_blank">chenkeong.yap@izeno.<u></u>com</a>>> wrote:<br>
<br>
hi bill,<br>
<br>
Thanks for the solution given and it has resolved the first issue<br>
( login to the app via pl sp filter but the login session cannot be<br>
seen in keycloak admin console)<br>
<br>
However now there are few more issues with single sign out.<br>
<br>
a) When i click on the global logout link<br>
(<a href="http://localhost:8080/employee/?GLO=true" target="_blank">http://localhost:8080/<u></u>employee/?GLO=true</a>), the page just did a self<br>
refresh and it's not redirected to keycloak login page. I can see<br>
the keycloak session was gone from the keycloak admin console but<br>
the sample employee session still there.<br>
<br>
b) When i click on the local logout link<br>
(<a href="http://localhost:8080/employee/?LLO=true" target="_blank">http://localhost:8080/<u></u>employee/?LLO=true</a>), the page just did a self<br>
refresh and it's not redirected to keycloak login page. I can see<br>
the keycloak session still in the keycloak admin console but the<br>
sample employee session still there.<br>
<br>
c) When i click on the logout link<br>
(<a href="http://localhost:8080/employee/logout.jsp" target="_blank">http://localhost:8080/<u></u>employee/logout.jsp</a>), the page just did a<br>
self refresh and it's not redirected to keycloak login page. I<br>
noticed the keycloak session still in the keycloak admin console but<br>
the sample employee session still there. Just wondering do i need to<br>
implement session.invalidate() in the logout,jsp but how to<br>
invalidate the keycloak session?<br>
<br>
<br>
On Wed, Mar 4, 2015 at 11:12 PM, Bill Burke <<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a><br>
<mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>>> wrote:<br>
<br>
Ok, I may have diagnosed the problem. Go to the admin console.<br>
Go to the definition of your application. Look at the Admin<br>
Url. Does it have a "/" at the end of the URL? If not, add a<br>
'/' at the end of this.<br>
<br>
i.e.<br>
<br>
<a href="http://somhere.com/app/" target="_blank">http://somhere.com/app/</a><br>
<br>
If that solves the issue, let me know and I'll explain what is<br>
going on. FYI, I ran into the same problem running the SAML<br>
example in the distro and this fixed the problem.<br>
<br>
<br>
<br>
<br>
On 3/4/2015 9:07 AM, Chen Keong Yap wrote:<br>
<br>
Hi bill,<br>
<br>
If i understand from you correctly,<br>
PL SAML SP and keycloak adapters are the same and referring<br>
to below items.<br>
<br>
Tomcat 6, 7, 8<br>
Jetty 8, 9<br>
EAP 6.x<br>
Wildfly<br>
Node.js<br>
Browser Javascript adapter.<br>
<br>
So far i have tested PL SAML SP filter using the following<br>
libs and it<br>
got the same 2 issues that was mentioned in the previous email.<br>
<br>
Picketlink lib : Picketlink 2.70 cr2, picketlink 2.5.3<br>
(commercial)<br>
<br>
keycloak lib : keycloak 1.1.0 final, keycloak 1.1.0 beta 2<br>
<br>
On Mar 4, 2015 9:44 PM, "Bill Burke" <<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a><br>
<mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>><br>
<mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a> <mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>>>> wrote:<br>
<br>
Our testsuite uses PL SAML SP, not the filter though,<br>
and it works<br>
fine. I'd have to recreate the problem using the PL<br>
SAML SP filter.<br>
<br>
On 3/4/2015 8:04 AM, Chen Keong Yap wrote:<br>
<br>
Hi bill,<br>
<br>
Yup. I have configured the app in keycloak admin<br>
console. However i<br>
encountered 2 issues.<br>
<br>
First issue is that i was able to login to the app<br>
via pl sp<br>
filter but<br>
the login session cannot be seen in keycloak admin<br>
console<br>
<br>
Second issue is that global logout was not working<br>
and the<br>
landing page<br>
just did a self refresh.<br>
<br>
On Mar 4, 2015 8:55 PM, "Bill Burke"<br>
<<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a> <mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>><br>
<mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a> <mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>>><br>
<mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a><br>
<mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>> <mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a><br>
<mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>>>>> wrote:<br>
<br>
You can still use the PL Filter SP. Just<br>
configure the<br>
application<br>
in the admin console to use SAML.<br>
<br>
On 3/3/2015 11:36 PM, Chen Keong Yap wrote:<br>
<br>
Hi bill,<br>
<br>
the existing adapters cannot support jboss<br>
eap 5.0.2 and<br>
websphere 8.5<br>
and we are not allowed to use keycloak proxy.<br>
<br>
can you suggest any other alternative<br>
similar to<br>
picketlink sp<br>
filter?<br>
<br>
On Tue, Mar 3, 2015 at 11:45 PM, Bill Burke<br>
<<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a> <mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>><br>
<mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a> <mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>>><br>
<mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a><br>
<mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>> <mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a><br>
<mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>>>><br>
<mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a><br>
<mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>> <mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a><br>
<mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>>><br>
<mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a><br>
<mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>> <mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a><br>
<mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>>>>>> wrote:<br>
<br>
There is no Keycloak SP filter. We<br>
have various<br>
adapters<br>
for different<br>
platforms that hook into servlet<br>
security to make<br>
integration seamless:<br>
<br>
Tomcat 6, 7, 8<br>
Jetty 8, 9<br>
EAP 6.x<br>
Wildfly<br>
Node.js<br>
Browser Javascript adapter.<br>
<br>
On 3/2/2015 10:22 PM, Chen Keong Yap<br>
wrote:<br>
> Hi,<br>
><br>
> Please share some lights for<br>
implementing<br>
Keycloak sp<br>
filter which is<br>
> similar to picketlink sp filter.<br>
><br>
><br>
<br>
org.picketlink.identity.______<u></u>federation.web.filters.______<u></u>SPFilter<br>
><br>
><br>
><br>
______________________________<u></u>_______________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>><br>
<mailto:<a href="mailto:keycloak-user@lists." target="_blank">keycloak-user@lists.</a>__<a href="http://jboss.org" target="_blank"><u></u>jboss.org</a><br>
<mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>>><br>
<mailto:<a href="mailto:keycloak-user@lists" target="_blank">keycloak-user@lists</a>.<br>
<mailto:<a href="mailto:keycloak-user@lists" target="_blank">keycloak-user@lists</a>.>_<u></u>___<a href="http://jboss.org" target="_blank">jboss.org</a> <<a href="http://jboss.org" target="_blank">http://jboss.org</a>><br>
<mailto:<a href="mailto:keycloak-user@lists." target="_blank">keycloak-user@lists.</a>__<a href="http://jboss.org" target="_blank"><u></u>jboss.org</a><br>
<mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>>>><br>
<mailto:<a href="mailto:keycloak-user@lists" target="_blank">keycloak-user@lists</a><br>
<mailto:<a href="mailto:keycloak-user@lists" target="_blank">keycloak-user@lists</a>>.<br>
<mailto:<a href="mailto:keycloak-user@lists" target="_blank">keycloak-user@lists</a><br>
<mailto:<a href="mailto:keycloak-user@lists" target="_blank">keycloak-user@lists</a>>.><u></u>______<a href="http://jboss.org" target="_blank">jboss.org</a><br>
<<a href="http://jboss.org" target="_blank">http://jboss.org</a>> <<a href="http://jboss.org" target="_blank">http://jboss.org</a>><br>
<mailto:<a href="mailto:keycloak-user@lists" target="_blank">keycloak-user@lists</a>.<br>
<mailto:<a href="mailto:keycloak-user@lists" target="_blank">keycloak-user@lists</a>.>_<u></u>___<a href="http://jboss.org" target="_blank">jboss.org</a> <<a href="http://jboss.org" target="_blank">http://jboss.org</a>><br>
<mailto:<a href="mailto:keycloak-user@lists." target="_blank">keycloak-user@lists.</a>__<a href="http://jboss.org" target="_blank"><u></u>jboss.org</a><br>
<mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>>>>><br>
><br>
<a href="https://lists.jboss.org/______mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/______<u></u>mailman/listinfo/keycloak-user</a><br>
<<a href="https://lists.jboss.org/____mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/____<u></u>mailman/listinfo/keycloak-user</a><u></u>><br>
<br>
<<a href="https://lists.jboss.org/____mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/____<u></u>mailman/listinfo/keycloak-user</a><br>
<<a href="https://lists.jboss.org/__mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/__<u></u>mailman/listinfo/keycloak-user</a><u></u>>__><br>
<br>
<br>
<<a href="https://lists.jboss.org/____mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/____<u></u>mailman/listinfo/keycloak-user</a><br>
<<a href="https://lists.jboss.org/__mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/__<u></u>mailman/listinfo/keycloak-user</a><u></u>><br>
<br>
<<a href="https://lists.jboss.org/__mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/__<u></u>mailman/listinfo/keycloak-user</a><br>
<<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/<u></u>mailman/listinfo/keycloak-user</a><u></u>>__>__><br>
><br>
<br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
<br>
______________________________<u></u>_______________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>><br>
<mailto:<a href="mailto:keycloak-user@lists." target="_blank">keycloak-user@lists.</a>__<a href="http://jboss.org" target="_blank"><u></u>jboss.org</a><br>
<mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>>><br>
<mailto:<a href="mailto:keycloak-user@lists" target="_blank">keycloak-user@lists</a>.<br>
<mailto:<a href="mailto:keycloak-user@lists" target="_blank">keycloak-user@lists</a>.>_<u></u>___<a href="http://jboss.org" target="_blank">jboss.org</a> <<a href="http://jboss.org" target="_blank">http://jboss.org</a>><br>
<mailto:<a href="mailto:keycloak-user@lists." target="_blank">keycloak-user@lists.</a>__<a href="http://jboss.org" target="_blank"><u></u>jboss.org</a><br>
<mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>>>><br>
<mailto:<a href="mailto:keycloak-user@lists" target="_blank">keycloak-user@lists</a><br>
<mailto:<a href="mailto:keycloak-user@lists" target="_blank">keycloak-user@lists</a>>.<br>
<mailto:<a href="mailto:keycloak-user@lists" target="_blank">keycloak-user@lists</a><br>
<mailto:<a href="mailto:keycloak-user@lists" target="_blank">keycloak-user@lists</a>>.><u></u>______<a href="http://jboss.org" target="_blank">jboss.org</a><br>
<<a href="http://jboss.org" target="_blank">http://jboss.org</a>> <<a href="http://jboss.org" target="_blank">http://jboss.org</a>><br>
<mailto:<a href="mailto:keycloak-user@lists" target="_blank">keycloak-user@lists</a>.<br>
<mailto:<a href="mailto:keycloak-user@lists" target="_blank">keycloak-user@lists</a>.>_<u></u>___<a href="http://jboss.org" target="_blank">jboss.org</a> <<a href="http://jboss.org" target="_blank">http://jboss.org</a>><br>
<mailto:<a href="mailto:keycloak-user@lists." target="_blank">keycloak-user@lists.</a>__<a href="http://jboss.org" target="_blank"><u></u>jboss.org</a><br>
<mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>>>>><br>
<a href="https://lists.jboss.org/______mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/______<u></u>mailman/listinfo/keycloak-user</a><br>
<<a href="https://lists.jboss.org/____mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/____<u></u>mailman/listinfo/keycloak-user</a><u></u>><br>
<br>
<<a href="https://lists.jboss.org/____mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/____<u></u>mailman/listinfo/keycloak-user</a><br>
<<a href="https://lists.jboss.org/__mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/__<u></u>mailman/listinfo/keycloak-user</a><u></u>>__><br>
<br>
<br>
<<a href="https://lists.jboss.org/____mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/____<u></u>mailman/listinfo/keycloak-user</a><br>
<<a href="https://lists.jboss.org/__mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/__<u></u>mailman/listinfo/keycloak-user</a><u></u>><br>
<br>
<<a href="https://lists.jboss.org/__mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/__<u></u>mailman/listinfo/keycloak-user</a><br>
<<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/<u></u>mailman/listinfo/keycloak-user</a><u></u>>__>__><br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
<br>
<br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
<br>
<br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
--<br>
Best Regards,<br>
<br>
CK Yap<br>
Technology Consultant<br>
<br>
Tel: <a href="tel:%2B65%206100%202788" value="+6561002788" target="_blank">+65 6100 2788</a><br>
Fax:<a href="tel:%2B65%206233%209376" value="+6562339376" target="_blank">+65 6233 9376</a><br>
<br>
iZeno Pte Ltd<br>
72 Bendemeer Road<br>
Luzerne #05-28<br>
Singapore 339941<br>
<br>
<br>
This communication contains information which may be confidential or<br>
privileged. The information is intended solely for the use of the<br>
individual or entity named above. If you are not the intended<br>
recipient,be aware that any disclosure, copying, distribution or use of<br>
the contents of this information is prohibited.If you have received this<br>
communication in error, please notify me by telephone immediately.<br>
<br>
</blockquote>
<br>
-- <br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
</blockquote></div>