<div dir="ltr">Hi Marek,<div><br></div><div>I've just tested backchannel logout and it's showing same issue. Both applications are using PL SP Filter and the steps below are used for testing.</div><div><div class="gmail_extra"><br></div><div class="gmail_extra">1. Open <a href="https://localhost:8443/employee/">https://localhost:8443/employee/</a> and http request is redirected to <a href="https://localhost:8443/auth/realms/saml-demo-1/protocol/saml">https://localhost:8443/auth/realms/saml-demo-1/protocol/saml</a></div><div class="gmail_extra"><br></div><div class="gmail_extra">2. Enter username and password into keycloak login page and redirected to employee landing page</div><div class="gmail_extra"><br></div><div class="gmail_extra">3. Open <a href="https://localhost:8443/sales-post/">https://localhost:8443/sales-post/</a> and redirected to sales-post landing page without login</div><div class="gmail_extra"><br></div><div class="gmail_extra">4. Logon to keycloak admin console and noticed there are 2 active sessions<br></div><div class="gmail_extra"><br></div><div class="gmail_extra">5. Perform global logout from employee landing page (<a href="https://localhost:8443/employee/?GLO=true">https://localhost:8443/employee/?GLO=true</a>) and http request is redirected to <a href="https://localhost:8443/auth/realms/saml-demo-1/protocol/saml">https://localhost:8443/auth/realms/saml-demo-1/protocol/saml</a></div><div class="gmail_extra"><br></div><div class="gmail_extra">6. Logon to keycloak admin console and noticed all sessions are gone</div><div class="gmail_extra"><br></div><div class="gmail_extra">7. Refresh sales-post landing page and it's not redirected to keycloak login page. sales-post session still active.</div><div class="gmail_extra"><br></div><div class="gmail_extra">Kindly advise why GLO is performed but the second application (sales-post) session still active?</div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Apr 3, 2015 at 3:36 PM, Marek Posolda <span dir="ltr"><<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Switch the "Front channel logout" to
off. In this case it should use backchannel (not redirecting
through browser, but sending logout requests from Keycloak in
background)<span class=""><font color="#888888"><br>
<br>
Marek</font></span><div><div class="h5"><br>
<br>
<br>
On 3.4.2015 08:28, Chen Keong Yap wrote:<br>
</div></div></div><div><div class="h5">
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">Hi Merek,</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">I've tried frontChannel logout in
1.2.0.Beta1 and it's giving me the same issues, please refer
to the settings shown in the screen shot.</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">Can you please advise how to test
backchannel logout?</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra"><img src="cid:part1.08040304.03040901@redhat.com" alt="Inline
image 1" height="282" width="538"><br>
</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Apr 3, 2015 at 1:50 PM, Marek
Posolda <span dir="ltr"><<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>I would try to upgrade to latest 1.2.0.Beta1 as it
has some related fixes AFAIK.<br>
<br>
In this version, you have also possibility to setup
either frontChannel logout or backchannel logout for
the application. It could be set in Keycloak admin
console. I think that at least one of them will work
with SP filter in latest version (if not both).<br>
<br>
Marek
<div>
<div><br>
<br>
On 3.4.2015 01:44, Chen Keong Yap wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">
<div>
<div>Hi,</div>
<div><br>
</div>
<div>I've 2 applications installed with
Picketlink SPFilter to authenticate with
keycloak 1.1.0 beta 2.</div>
<div><br>
</div>
<div>When i perform global logout, first
application was logged out successfully
because SP/keycloak session and application
http session are removed but the problem is
second </div>
<div>application SP/keycloak session is
removed but application http session is
still remained. I've set admin url for these
2 applications in keycloak admin console.
Kindly share your ideas.</div>
<div><br>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
<pre>_______________________________________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
<br>
<div>
<div dir="ltr">
<div style="text-align:left"><br>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</div></div></div>
</blockquote></div><br><br clear="all"><div><br></div> <br><div class="gmail_signature"><div dir="ltr"><div style="text-align:left"><br></div></div></div>
</div></div></div>