Guys,
Can share your ideas why global logout is not working?
On Apr 3, 2015 3:47 PM, "Chen Keong Yap" <chenkeong.yap(a)izeno.com> wrote:
Hi Marek,
I've just tested backchannel logout and it's showing same issue. Both
applications are using PL SP Filter and the steps below are used for
testing.
1. Open
https://localhost:8443/employee/ and http request is redirected
to
https://localhost:8443/auth/realms/saml-demo-1/protocol/saml
2. Enter username and password into keycloak login page and redirected to
employee landing page
3. Open
https://localhost:8443/sales-post/ and redirected to sales-post
landing page without login
4. Logon to keycloak admin console and noticed there are 2 active sessions
5. Perform global logout from employee landing page (
https://localhost:8443/employee/?GLO=true) and http request is redirected
to
https://localhost:8443/auth/realms/saml-demo-1/protocol/saml
6. Logon to keycloak admin console and noticed all sessions are gone
7. Refresh sales-post landing page and it's not redirected to keycloak
login page. sales-post session still active.
Kindly advise why GLO is performed but the second application (sales-post)
session still active?
On Fri, Apr 3, 2015 at 3:36 PM, Marek Posolda <mposolda(a)redhat.com> wrote:
> Switch the "Front channel logout" to off. In this case it should use
> backchannel (not redirecting through browser, but sending logout requests
> from Keycloak in background)
>
> Marek
>
>
>
> On 3.4.2015 08:28, Chen Keong Yap wrote:
>
>
> Hi Merek,
>
> I've tried frontChannel logout in 1.2.0.Beta1 and it's giving me the
> same issues, please refer to the settings shown in the screen shot.
>
> Can you please advise how to test backchannel logout?
>
>
> [image: Inline image 1]
>
>
>
> On Fri, Apr 3, 2015 at 1:50 PM, Marek Posolda <mposolda(a)redhat.com>
> wrote:
>
>> I would try to upgrade to latest 1.2.0.Beta1 as it has some related
>> fixes AFAIK.
>>
>> In this version, you have also possibility to setup either frontChannel
>> logout or backchannel logout for the application. It could be set in
>> Keycloak admin console. I think that at least one of them will work with SP
>> filter in latest version (if not both).
>>
>> Marek
>>
>>
>> On 3.4.2015 01:44, Chen Keong Yap wrote:
>>
>> Hi,
>>
>> I've 2 applications installed with Picketlink SPFilter to authenticate
>> with keycloak 1.1.0 beta 2.
>>
>> When i perform global logout, first application was logged out
>> successfully because SP/keycloak session and application http session are
>> removed but the problem is second
>> application SP/keycloak session is removed but application http session
>> is still remained. I've set admin url for these 2 applications in keycloak
>> admin console. Kindly share your ideas.
>>
>>
>>
>> _______________________________________________
>> keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>>
>
>
>
>
>
>