On 30 May 2016 at 09:04, Jannik Hüls <jannik.huels@googlemail.com> wrote:

Hi guys,

I am using keycloak together with mod_auth_openidc and ran into some trouble. I want to use the login-status-iframe endpoint but it seems to be not working (at least for my configuration).
The aim is to use a federated logout:

1. Login via an app protected by mod_auth_openidc
2. Open keycloak admin
3. Destroy the session
4. Refresh the app —> User is still logged in.

So mod_auth_openidc supports the OpenID Connect Session Management via iframe and as I saw in keycloaks code a iframe endpoint is available. So:

- Is the OpenID Connect session management via iframe already working in keycloak? I was wondering that the endpoint is not mentioned in the openID connect well-known configuration.

I don't think there's a standard way to mention this endpoint in .well-known. Would make sense though.

- What is the correct origin value that should be presented when calling the iframe endpoint?

I call:
<keycloak url>/protocol/openid-connect/login-status-iframe.html?client_id=<client>&origin=<origin>

- Is there any documentation available regarding the iframe endpoint? I suggested that I have to include the above link into the iframe src attribute? Is this correct?

Afraid there's no docs for this endpoint at the moment and it's currently only used by our JavaScript adapter. You can look at how our JavaScript adapter includes this. Basically you need to add an iframe with the above src attribute, but also add a mechanism that sends messages to the embedded iframe to poll the session state.

Bests
Jannik

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user