[keycloak-user] Logout not send k_logout requests

Hi Guys, I am using keycloak for several application single sign on solution. Keycloak works well in SSO, but I have troubles in single logout. According to document [https://www.keycloak.org/docs/latest/securing_apps/index.html#logout] and other answers in mailing list. from my understanding, single logout will need following steps: app a in http://172.17.0.1:5000 -> client_a app b in http://172.17.0.5:3000 -> client_b keycloak in http://172.17.0.2:8080 1. add admin_url for each client (just like following settings) * Client Protocol: openid-connect * Access Type: confidential * Root URL: http://172.17.0.1:5000/ * Valid Redirect URls: http://172.17.0.1:5000/* * Base URL: http://172.17.0.1:5000/ * Admin URL: http://172.17.0.1:5000/ 2. Logout by redirect brower to http://172.17.0.2:8080/auth/realms/myrealm/protocol/openid-connect/logout... 3. All client sessions for user in current browser will be destroyed and keycloak will send logout signal (k_logout) to each client (admin_url), each client recieve the logout signal to remove user login info In my experiment, by watch keycloak Manage/Sessions page, when the browser redirect to keycloak logout url, all session for current user have been destroyed, but app a and b do not recieved k_logout request. But if I direct click "logout all" button in Manage/Sessions page, all sessions have been destroyed and both app a and b recieved k_logout request. By redirect to logout url, the sessions have been destroyed, but not send logout signal each application still login status. What am I misunderstanding? Is there any detail example for single logout? I expect that user click logout in app a and all application in same realm logout together. Another trouble is the client I used is openid-client which not implemented k_logout, how should I handle k_logout request, is there any document for handle k_logout? Thanks Qing Zhang