Question about logout: Should logout always trigger parent broker logout
even if "child" is not the initiator of parent SSO login?
Some example: I have a Keycloak server on configured to log in against
a Salesforce SAML broker
1) I log in to Salesforce
2) Then I log in to Keycloak with usage of Salesforce broker
3) Now I trigger logout from Keycloak. Should it trigger logout from
Salesforce too? IMO it shouldn't as localhost:8081 wasn't the initiator
of the Salesforce login (in step 1).
Wdyt?
Marek
On 25.3.2015 14:57, Stian Thorgersen wrote:
Had a quick look at it and seems Facebook and GitHub return access
token response as form-url-encoded (access_token=<...>&foo=bar).
Another thing I spotted was that I'm pretty sure we're not validating the SSL
connection when sending requests to the IdPs. We should drop the SimpleHttp util I created
and use something better (Apache or RestEasy) and make sure it's possible to set up a
truststore. SimpleHttp was only created as we initially wanted the social lib to be a
reusable lightweight lib, but now it's only for KC so there's no point in it and
it's pretty crap for many reasons!
----- Original Message -----
> From: "Bill Burke" <bburke(a)redhat.com>
> To: keycloak-dev(a)lists.jboss.org
> Sent: Wednesday, 25 March, 2015 2:52:07 PM
> Subject: [keycloak-dev] social/broker errors
>
> I'll look into all the social/broker errors and test out on all social
> providers (again) after I finish up some logout work.
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
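
The two points raised in the thread above (token responses arriving as form-url-encoded, and requests to the IdPs needing TLS validation against a configurable truststore), as an added example that is not Keycloak code. The class and method names are hypothetical, and it uses the JDK's `java.net.http` client (Java 11+) rather than the Apache or RestEasy clients mentioned in the thread.

```java
import java.io.InputStream;
import java.net.URLDecoder;
import java.net.http.HttpClient;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added illustration; BrokerHttp and its methods are hypothetical, not Keycloak code.
public class BrokerHttp {
    // Client that validates the IdP certificate chain against an explicit truststore.
    // Hostname verification is left at the java.net.http default (enabled).
    static HttpClient clientWithTruststore(Path truststore, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(truststore)) {
            ks.load(in, password);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return HttpClient.newBuilder().sslContext(ctx).build();
    }

    // Parses a token response of the form access_token=<...>&foo=bar.
    static Map<String, String> parseFormEncoded(String body) {
        Map<String, String> out = new LinkedHashMap<>();
        for (String pair : body.split("&")) {
            if (pair.isEmpty()) continue;
            int eq = pair.indexOf('=');
            String key = eq < 0 ? pair : pair.substring(0, eq);
            String value = eq < 0 ? "" : pair.substring(eq + 1);
            out.put(URLDecoder.decode(key, StandardCharsets.UTF_8),
                    URLDecoder.decode(value, StandardCharsets.UTF_8));
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample body, not a real provider response.
        Map<String, String> r = parseFormEncoded("access_token=abc%2F123&foo=bar");
        if (!"abc/123".equals(r.get("access_token"))) throw new IllegalStateException("parse");
        System.out.println("parsed fields: " + r.keySet());
    }
}
```

Passing `null` for the key managers and the random source in `ctx.init` keeps the JDK defaults; only the set of trusted certificates is replaced by the truststore contents.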