Valerij TimofeevKind regardsThank you in advanceI'd appreciate quick response, because restarting production EAP cluster every day is not a pleasant option ;-)Logout is accomplished in a Java web applictaion by calling OIDC logout endpoint:We added to the durable load test additional scenario creating new users and were able to reproduce logout failure: users are getting empty page and not the login screen as expected. Page reload navigates back into the protected web application .Durable load tests in out test environment showed that login and logout of existing users don't result in above behaviour.I guess that this issue could be the cause of trouble in our production environment.We experience logout failures approximately after one and a half days of operation.
There are 4 EAP-6 nodes with Keycloak adapters and 2 Keycloak 1.9.4 standalone servers running in 2 clusters respectively.
Restarting EAP 6 nodes temporary resolves the logout problem.
FacesContext
.getCurrentInstance()
.getExternalContext()
.redirect(keycloakDeployment.getLogoutUrl().queryParam("redirect_uri", redirectURL).toTemplate());
Logout is initiated via h:commandLink, so I suppose that the OIDC logout endpoint is called via the GET method. Should we use the POST method instead?
Has servlet logout any advantages?
((HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest()).logout();