Logout not send k_logout requests
by 张庆
Hi Guys,
I am using keycloak for several application single sign on solution. Keycloak works well in SSO, but I have troubles in single logout.
According to document [https://www.keycloak.org/docs/latest/securing_apps/index.html#logout] and other answers in mailing list. from my understanding, single logout will need following steps:
app a in http://172.17.0.1:5000 -> client_a
app b in http://172.17.0.5:3000 -> client_b
keycloak in http://172.17.0.2:8080
1. add admin_url for each client (just like following settings)
* Client Protocol: openid-connect
* Access Type: confidential
* Root URL: http://172.17.0.1:5000/
* Valid Redirect URls: http://172.17.0.1:5000/*
* Base URL: http://172.17.0.1:5000/
* Admin URL: http://172.17.0.1:5000/
2. Logout by redirect brower to http://172.17.0.2:8080/auth/realms/myrealm/protocol/openid-connect/logout...
3. All client sessions for user in current browser will be destroyed and keycloak will send logout signal (k_logout) to each client (admin_url), each client recieve the logout signal to remove user login info
In my experiment, by watch keycloak Manage/Sessions page, when the browser redirect to keycloak logout url, all session for current user have been destroyed, but app a and b do not recieved k_logout request. But if I direct click "logout all" button in Manage/Sessions page, all sessions have been destroyed and both app a and b recieved k_logout request. By redirect to logout url, the sessions have been destroyed, but not send logout signal each application still login status. What am I misunderstanding? Is there any detail example for single logout? I expect that user click logout in app a and all application in same realm logout together.
Another trouble is the client I used is openid-client which not implemented k_logout, how should I handle k_logout request, is there any document for handle k_logout?
Thanks
Qing Zhang
4 years, 3 months
- 2
- 2
Re: [keycloak-user] Too many redirects with remember me checked
by Amritha Amarnath
Thanks,
Application's redirect path configured in keycloak is http://<ipAddr>:8080>/medvisionapp/* and access the same with http://<ipAddr>:8080>/medvisionapp/ , is actually redirects to either /medvisionapp/view/MOBILE.html#search or /medvisionapp/view/desk.html#dsearch depending on screen width.
Eg :
http:// <ipAddr> :8080/auth/realms/dcm4che/protocol/openid-connect/auth?client_id=medvisionapp&redirect_uri =http%3A%2F%2F <ipAddr> %3A8080%2Fmedvisionapp%2Fview%2Fdesk.html%23dsearch &state=f8687b35-092f-4d78-82de-553b2af49057&response_mode=fragment&response_type=code&scope=openid&nonce=8fc3449b-6488-4417-a9c5-8df58e578937
But when the 'too many direct issue' occurs, in the browser console the redirect path in the url is the one that configured in keycloak.
Eg:
http://<ipAddr>:8080/auth/realms/dcm4che/protocol/openid-connect/auth?response_type=code&client_id=medvisionapp&redirect_uri= http%3A%2F%2F <ipAddr> %3A8080%2Fmedvisionapp% 2F&state=250229a7-0d03-4309-8747-6ca201a44473&login=true&scope=openid
Am i doing anything wrong in the configuration?
-- With Regards,
Amms
----- Original Message -----
From: "Amritha Amarnath" <amritha_amarnath(a)amritatech.com>
To: "Martin Kanis" <mkanis(a)redhat.com>
Cc: keycloak-user(a)lists.jboss.org
Sent: Friday, October 5, 2018 3:45:30 PM GMT +05:30 Chennai, Kolkata, Mumbai, New Delhi
Subject: Re: [keycloak-user] Too many redirects with remember me checked
Hello ,
Application is using keycloak-4.1.0.Final . For keycloak log please find attachment
--
With Regards,
Amms
----- Original Message -----
From: "Martin Kanis" <mkanis(a)redhat.com>
To: "amritha amarnath" <amritha_amarnath(a)amritatech.com>
Cc: keycloak-user(a)lists.jboss.org
Sent: Friday, October 5, 2018 2:02:36 PM GMT +05:30 Chennai, Kolkata, Mumbai, New Delhi
Subject: Re: [keycloak-user] Too many redirects with remember me checked
Hello,
what version of Keycloak do you have? Can you provide a Keycloak log?
Regards,
Martin
On Fri, Oct 5, 2018 at 8:51 AM Amritha Amarnath < amritha_amarnath(a)amritatech.com > wrote:
Hello,
My application have been deployed in Wildfly 11 and is integrated with standalone Keycloak and works fine. But the issue is, when the application is logged in with Remember-me checkbox checked, its showing too many redirects when restart the browser , even though the user session is valid. It leads to logout my application session manually from keycloak admin console.
Wildfly log says: Account was not in session, returning null , there was no code
Once the user session also get expired its showing the login page with pre-filled username and remember-me checked as expected.
I am new to keycloak. So any idea regarding too many redirects with remember-me checked ?
--
With Regards,
Amms
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
4 years, 3 months
- 1
- 0
- ← Newer
- 1
- Older →