I've been trying to make sure that logout functionality works properly within demos
deployed on AS7/Wildfly, with Keycloak server in another WF instance on a different port.
Debug stepping through code I can see that there is properly configured
org.keycloak.adapters.KeycloakDeployment instance available which contains all the proper
info, yet is not used in demo apps.
Rather, the demo apps manually compose relative urls which then point to the local
instance rather than remote instance where Keycloak server resides.
For example, customer-app.war/customers/view.jsp contains:
String logoutUri =
String acctUri =
These both produce relative urls ... org.keycloak.util.KeycloakUriBuilder looks like it
could be part of public API, org.keycloak.constants.ServiceUrlConstants could be
problematic as public API since final string fields are copied over to classes using them
at compile time.
But anyway ... I would like a way in my webapp to get to information that's in
KeycloakDeployment, specifically #getLogoutUrl(), and #getAccountUrl().
By itself KeycloakDeployment doesn't look API ready, also there's ?redirect_uri=
or ?referer= to be specified so there must be some other utility or API classes that can
return the proper urls using already available info. Makes no sense to manually compose
them in round-about and error prone ways from my app ...
Is there a known way to achieve this or is this something we can add - maybe to
Also, I'm not sure that AdapterUtils.getOriginForRestCalls() works properly by
returning a relative url on NEVER in the case when server is on a different host / port
than secured web app.
Show replies by date