12:57 p.m.
I have my worries about this spec. It was proposed back in Jan 2017 and is
still in draft state. It seems to be abandoned.
Before adding support for this spec we should look for alternatives and
check what the status is of the spec and why nothing is happening with it.
On Tue, 12 Mar 2019 at 13:16, Diego Liberalquino <diegoliber(a)gmail.com>
wrote:
Hi,
I want to make the contribution, yes. I'm very interested that this feature
gets implemented on Keycloak. It'll take some time though, I'm still
familiarizing myself with Keycloak's test suite, so I want to make sure my
contribution doesn't break anything.
I've read this discussion about iframe based logout on SAML and agree on
100% percent that the iframe-based approach is the best solution for this
problem and I was already getting inspiration from the SAML implementation.
OIDC FrontChannel Spec also expects the use of iframes [1].
Thanks for the follow up!
[1] https://openid.net/specs/openid-connect-frontchannel-1_0.html
Diego
On Tue, Mar 12, 2019 at 8:36 AM Thomas Darimont <
thomas.darimont(a)googlemail.com> wrote:
> Link to the discussion was broken:
> [2] http://lists.jboss.org/pipermail/keycloak-dev/2017-May/009260.html
>
> Am Di., 12. März 2019 um 12:30 Uhr schrieb Marek Posolda <
> mposolda(a)redhat.com>:
>
>> Hi,
>>
>> there is this JIRA opened already [1] . We have it planned, so we want
>> to look at it, but lack of other things caused that this wasn't
>> prioritized in last years... Do you want to contribute the feature?
>>
>> BTV. There is this old discussion when we discuss the "iframes" to be
>> used for frontchannel logout rather than redirect based approach [2].
>> You can see some more context by going through this old thread. I think
>> that we already support iframe based frontchannel logout for SAML
>> specification, or at least it is already available in Hynek's branch as
>> mentioned in the comment of this JIRA [3]. So hopefully OIDC can re-use
>> some parts of it.
>>
>> Let us know if you're interested in contributing this.
>>
>> [1] https://issues.jboss.org/browse/KEYCLOAK-2939
>> [2] http://lists.jboss.org/pipermail/keycloak-dev/2017-May/009260.htm
>> [3] https://issues.jboss.org/browse/KEYCLOAK-5449
>>
>> Marek
>>
>> On 10/03/2019 04:03, Diego Liberalquino wrote:
>> > Hello,
>> >
>> > A thing that bothers me on Keycloak is the lack of implementation of
>> > Front-Channel Logout for OpenID Clients. Is there any technical reason
>> for
>> > this or is just awaiting a community contribution? I mean, the spec is
>> > supported for SAML clients, and it also works for external OIDC
>> providers.
>> >
>> > Best regards,
>> > Diego Liberalquino
>> > _______________________________________________
>> > keycloak-dev mailing list
>> > keycloak-dev(a)lists.jboss.org
>> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev