Re: [keycloak-dev] Improving SSO logout performance

Also, OIDC adapter needs a ?GLO=true option like saml does. For SAML it would be easy to implement this optimization. I don't think OIDC has a way to determine who sent the logout reqest. On 2/11/2016 2:43 PM, Bill Burke wrote: > There's also the option of doing logout via iframes in the browser. This > might be very useful for apps that need a browser logout. > > On 2/11/2016 11:57 AM, Marek Posolda wrote: >> Few things, which we can possibly do: >> >> - Currently when application initiates logout through >> servletRequest.logout , it sends request to Keycloak logout endpoint. >> This endpoint then sends backchannel request to all logged clients with >> registered admin URL. I think we can improve here and not send request >> to the original application, which initiated logout. >> >> For example: When product-portal application initiates logout through >> servletRequest.logout, the adapter itself should be already able to do >> all logout actions on it's side (invalidate httpSession etc) and there >> is no need to send another request from keycloak to product-portal to >> logout same httpSession. >> >> - Backchannel logout requests send by Keycloak (ResourceAdminManager) >> could be send in parallel. Currently they are send sequentially, which >> is not very optimal. >> >> WDYT? >> >> Marek >> _______________________________________________ >> keycloak-dev mailing list >> keycloak-dev(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-dev