Re: [keycloak-dev] Session SPI for adapters
On 6.10.2014 15:26, Bill Burke wrote:
A few more things:
Stian made a good point that any extensions we do have to be
compatible with non keycloak pure oidc adapters. The thing is though,
OIDC doesn't have a logout request like SAML does. I'll ping pedro to
see if session information can be extracted from a logout request.
AFAIR SAML single-sign out is based on chain of browser redirections to
all apps where you are logged. No "out-of-bound" requests . At least
that's how picketlink is doing afaik (not 100% sure and not sure about
SAML specs). So in this case logout request is browser-based and have
access to JSESSIONID cookie. Hence there is no need to maintain
sessionId in keycloak or any state on adapters as well. I am not 100%
sure (will try to doublecheck..)
Marek