You probably haven't configured admin url for your client so the Keycloak server can't send backchannel logout to your serviceĀOn 2 February 2016 at 12:06, Andrey Saroul <andrey.saroul@gmail.com> wrote:_______________________________________________I'm using keycloak 1.7.0 with WildFly 9.0.2I have rest service and Keycloak deployed on one the same machine.
Consider this scenario:1) In browser i try to test my rest service (e.g. http://my-ip-address:8080/rest/test) secured under Keycloak2) I got redirect to login page.3) I enter my login and password.4) I got some response from my rest service. That's Ok!5) Then I go to Keycloak admin console, find my user and force session logout.6) Then I try to access my rest service again by the same url, and NO redirect happens. Browser caches jsessionid cookie and don't know anything about user beeing logout.It seems to my that during step #6 server should invalidate expired session cookie due to admin logout.I considere that user after beeing logout will get redirect to login page again, and will not be able to access service with old jsessionid cookie.Is this a bug, or could you help me explain what am i doing wrong?
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user