[keycloak-user] Spring Security adapter single logout

Hello, I'm using 1.7.0 final integrated with Spring Security (which itself is integrated into Grails) using OpenID Connect method. I've been kind of stuck with single (back-channel, k_logout) logout for a while. It seems it's handled by the preAuthActions filter which simply invalidates local sessions via a call to an injected HttpSessionManager. This manager stores active sessions in its instance and puts/removes them as a reaction on HttpSessionEvent. It looks like the HttpSessionManager has to be registered as JEE Listener in order to receive HttpSessionEvents. However, then you end up with two different instances - the listener and the bean in preAuthActions. Thus invalidation process can't reach the sessions stored in listener's instance and can't invalidate them at all. A big sorry if I miss something very obvious. Andy