Why not just kick off the backchannel logout requests sent by Keycloak asynchronously? The logout requesting app can’t do anything if they fail anyway.

Scott Rossillo
Smartling | Senior Software Engineer
srossillo@smartling.com

On Feb 11, 2016, at 11:57 AM, Marek Posolda <mposolda@redhat.com> wrote:

Few things, which we can possibly do:

- Currently when application initiates logout through
servletRequest.logout , it sends request to Keycloak logout endpoint.
This endpoint then sends backchannel request to all logged clients with
registered admin URL. I think we can improve here and not send request
to the original application, which initiated logout.

For example: When product-portal application initiates logout through
servletRequest.logout, the adapter itself should be already able to do
all logout actions on it's side (invalidate httpSession etc) and there
is no need to send another request from keycloak to product-portal to
logout same httpSession.

- Backchannel logout requests send by Keycloak (ResourceAdminManager)
could be send in parallel. Currently they are send sequentially, which
is not very optimal.

WDYT?

Marek
_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev