It looks like both OIDCLoginProtocol.backchannelLogout and
SamlProtocol.backchannelLogout always create a new instance of Apache
HttpClient that is used just during a single invocation. I suspect this is
not very good for performance, as the HTTP connection pool needs to be
created again and again? We're doing it even if the client doesn't have an
adminUrl (no HTTP request even needs to be sent).

I wonder if we should share a single instance of HttpClient (or
ApacheHttpClient4Executor) per LoginProtocolFactory? Or even better, if
we convert AuthenticationManager to the SPI (which is planned AFAIK) and
pass the executor from there?

Marek