<div dir="ltr">Looks like our iframe implementation is not correct according to the spec. Added <a href="https://issues.jboss.org/browse/KEYCLOAK-3625">https://issues.jboss.org/browse/KEYCLOAK-3625</a> to be fixed for 2.3.<div><br></div><div>With regards to front/back channel logout specs they are still in draft and are also optional specifications. We will consider implementing these in the future.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 26 September 2016 at 16:47, Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p>Our Javascript adapter supports the iframe session management
stuff. Also, OIDC added a logout endpoint. See front and back
channel logout specs:</p>
<p><a href="http://openid.net/connect/" target="_blank">http://openid.net/connect/</a></p>
<p>We may do something proprietary here, but no reason we can't
support those new specs.<br>
</p><div><div class="h5">
<br>
<div>On 9/26/16 7:53 AM, Valerij Timofeev
wrote:<br>
</div>
</div></div><blockquote type="cite"><div><div class="h5">
<div dir="ltr">
<div>
<div>
<div>Hi,<br>
<br>
I wonder whether the topic of Session Management will be
covered by the OIDC certification<br>
<a href="https://issues.jboss.org/browse/KEYCLOAK-524" target="_blank">https://issues.jboss.org/<wbr>browse/KEYCLOAK-524</a><br>
<br>
I'm asking this question because there is an issue with
single logout in mod_aut_openidc:</div>
According to<span>
the main </span><span>mod_aut_openidc project's contributor Hans
Zandbelt </span>the implementation in Keycloak "is not an
implementation of OpenID Connect's Session Management.
Looking at the spec: <a href="http://openid.net/specs/openid-connect-session-1_0.html#OPiframe" target="_blank">http://openid.net/specs/<wbr>openid-connect-session-1_0.<wbr>html#OPiframe..."</a><br>
</div>
<div>Details can be found in <a href="https://github.com/pingidentity/mod_auth_openidc/issues/175" target="_blank">https://github.com/<wbr>pingidentity/mod_auth_openidc/<wbr>issues/175</a>
<br>
</div>
<div><br>
</div>
Best regards<br>
</div>
Valerij<br>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>______________________________<wbr>_________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/<wbr>mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div>
<br>______________________________<wbr>_________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/<wbr>mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>