There is one neat side-effect of current implementation in that it is
immediately apparent when backchannel events don't work due to
misconfiguration or firewall issues.
If the proposed optimisation is implemented I think we should add some
logging on the server that will make it very obvious when backchannel
events fail.
On Thu, Feb 11, 2016 at 5:57 PM, Marek Posolda <mposolda(a)redhat.com> wrote:
Few things, which we can possibly do:
- Currently when application initiates logout through
servletRequest.logout , it sends request to Keycloak logout endpoint.
This endpoint then sends backchannel request to all logged clients with
registered admin URL. I think we can improve here and not send request
to the original application, which initiated logout.
For example: When product-portal application initiates logout through
servletRequest.logout, the adapter itself should be already able to do
all logout actions on it's side (invalidate httpSession etc) and there
is no need to send another request from keycloak to product-portal to
logout same httpSession.
- Backchannel logout requests send by Keycloak (ResourceAdminManager)
could be send in parallel. Currently they are send sequentially, which
is not very optimal.
WDYT?
Marek
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev