I am not sure if this is the appropriate way to post a Keycloak question. If it is not, I apologize.
I have sent up a Wildfly JSP application (confidential) and a Wildfly REST API application (bearer-only) to use Keycloak Alpha 3. The Keycloak, JSP, and REST API applications are each running in a different Wildfly server on the same machine.
Everything seems to work except the sign-off. It appears to work and there is no error, but in actuality the sign-off doesn't work. When the logout URL redirects back to the homepage (not secure) and I click the link to the get Countries JSP page (secured) again, it still shows me the country list without redirecting me to the Keycloak login page.
I set @NoCahe on the JAX-RS endpoints in the API application and in the JSP app I put:
<head>
<%
response.setHeader("Cache-Control", "no-cache");
response.setHeader("Pragma", "no-cache");
response.setDateHeader("Expires", 0);
%>
<title>Country List</title>
</head>
I use:
<%
String logoutUri = KeycloakUriBuilder.fromUri("http://localhost:6080/auth/rest/realms/MyRealm/tokens/logout")
.queryParam("redirect_uri", "http://localhost:8080/MyAppJSP").build("MyRealm").toString();
%>
to create the log-off URL.
Also, if I go into the Keycloak Admin as "admin" and force log-off the user, it doesn't work either.
Is there some setting I am missing in the JSP. I turned off all the caching I know about in Chrome and Wildfly. I am not sure this is a Keycloak problem or my ignorance of Wildfly and JSP.
Any help is greatly appreciated.
Cheers,
A. Kevin Bailey