Hi guys,

I am using keycloak together with mod_auth_openidc and ran into some trouble. I want to use the login-status-iframe endpoint but it seems to be not working (at least for my configuration).

The aim is to use a federated logout:

1. Login via an app protected by mod_auth_openidc

2. Open keycloak admin

3. Destroy the session

4. Refresh the app —> User is still logged in.

So mod_auth_openidc supports the OpenID Connect Session Management via iframe and as I saw in keycloaks code a iframe endpoint is available. So:

- Is the OpenID Connect session management via iframe already working in keycloak? I was wondering that the endpoint is not mentioned in the openID connect well-known configuration.

- What is the correct origin value that should be presented when calling the iframe endpoint?

I call:

<keycloak url>/protocol/openid-connect/login-status-iframe.html?client_id=<client>&origin=<origin>

- Is there any documentation available regarding the iframe endpoint? I suggested that I have to include the above link into the iframe src attribute? Is this correct?

Bests

Jannik