Looks like our iframe implementation is not correct according to the spec. Added https://issues.jboss.org/browse/KEYCLOAK-3625 to be fixed for 2.3.

With regards to front/back channel logout specs they are still in draft and are also optional specifications. We will consider implementing these in the future.

On 26 September 2016 at 16:47, Bill Burke <bburke@redhat.com> wrote:

Our Javascript adapter supports the iframe session management stuff. Also, OIDC added a logout endpoint. See front and back channel logout specs:

http://openid.net/connect/

We may do something proprietary here, but no reason we can't support those new specs.

On 9/26/16 7:53 AM, Valerij Timofeev wrote:
Hi,

I wonder whether the topic of Session Management will be covered by the OIDC certification
https://issues.jboss.org/browse/KEYCLOAK-524

I'm asking this question because there is an issue with single logout in mod_aut_openidc:
According to the main mod_aut_openidc project's contributor Hans Zandbelt the implementation in Keycloak "is not an implementation of OpenID Connect's Session Management. Looking at the spec: http://openid.net/specs/openid-connect-session-1_0.html#OPiframe..."

Details can be found in https://github.com/pingidentity/mod_auth_openidc/issues/175

Best regards

Valerij
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user