I am using Keycloak to authenticate users of two applications. One
application is Django-based, protected using mod_auth_openidc over Apache,
whereas the 2nd application is Java-based, hosted on WildFly and protected
using the Keycloak-specific Java adapter. The SSO works fine on both
applications. However, the problem occurs in the case of logout. When I
perform a logout from the Django application, both applications are
redirected to login on the next request. However, when I perform a logout on
the Java application, the Django application still works as normal rather
than asking for login again on the next request.

As per the Keycloak documentation, an Admin URL shall be set for a particular
client, which can be used by the Keycloak server to send backend requests to
the application for various tasks, like logging out users or pushing
revocation policies. This doesn't seem to work, as I cannot see any back-end
request generated by Keycloak for the logout performed by the Java-based
application. If I generate the logout from the Keycloak admin utility, then
the Apache logs show a POST action for k_logout.

I think I am missing some configuration, but I don't know what. Any idea/help
in this regard will be much appreciated. Many thanks.

I am using the following versions of the different components:

mod_auth_openidc 2.3.7
Apache 2.4.34
Ubuntu 16.4
Keycloak 4.2.1

and my mod_auth_openidc configurations are:

WSGIDaemonProcess myproject python-home=path_to_v_env python-path=path_to_python
WSGIProcessGroup myproject
WSGIScriptAlias / path_to_wsgi.py

OIDCProviderMetadataURL http://keycloak_domain/auth/realms/demo/.well-known/openid-configuration
OIDCRedirectURI http://domain_name/testapp
OIDCCryptoPassphrase random4321
OIDCClientID testapp
OIDCClientSecret client_secret
OIDCDefaultLoggedOutURL http://domain_name/
OIDCScope "openid email profile"

<Location /testapp/>
    AuthType openid-connect
    Require valid-user
</Location>

--
Sent from: http://keycloak-user.88327.x6.nabble.com/
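
Added example, not part of the original post: a small Python check for the symptom described above. It lists the POST requests to a path ending in k_logout in an Apache access log, so that a logout from the Java application can be compared with one triggered from the admin console. The log lines, addresses and the /testapp/k_logout path are constructed sample data, and the function names are hypothetical.

```python
import re
from collections import Counter

# Apache common/combined log prefix:
# host ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_backchannel_logouts(lines):
    """Return (time, host, path, status) for every POST whose path ends in /k_logout."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparsable line, or a browser GET rather than a back-end POST
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if path.rstrip("/").endswith("/k_logout"):
            hits.append((m["time"], m["host"], path, int(m["status"])))
    return hits

def summarize(hits):
    """Count back-channel logout requests per (source host, HTTP status)."""
    return Counter((host, status) for _, host, _, status in hits)

# Constructed sample lines (not taken from the post); hosts and paths are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Sep/2018:10:00:01 +0000] "GET /testapp/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.50 - - [01/Sep/2018:10:05:12 +0000] "POST /testapp/k_logout HTTP/1.1" 302 310 "-" "Apache-HttpClient/4.5"',
    '192.0.2.10 - - [01/Sep/2018:10:06:00 +0000] "GET /testapp/k_logout HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
    '192.0.2.50 - - [01/Sep/2018:10:09:40 +0000] "POST /testapp/k_logout HTTP/1.1" 302 310 "-" "Apache-HttpClient/4.5"',
]

if __name__ == "__main__":
    hits = find_backchannel_logouts(SAMPLE_LOG)
    for when, host, path, status in hits:
        print(f"{when}  {host}  POST {path} -> {status}")
    print(dict(summarize(hits)))
```

Running it over the access log after each kind of logout shows whether a back-end request reached Apache at all, from which address, and what status the server returned for it.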