Re: [keycloak-user] Keycloak logout flow

I'm using keycloak 1.7.0 with WildFly 9.0.2 I have rest service and Keycloak deployed on one the same machine. Consider this scenario: 1) In browser i try to test my rest service (e.g. http://my-ip-address:8080/rest/test) secured under Keycloak 2) I got redirect to login page. 3) I enter my login and password. 4) I got some response from my rest service. That's Ok! 5) Then I go to Keycloak admin console, find my user and force session logout. 6) Then I try to access my rest service again by the same url, and NO redirect happens. Browser caches jsessionid cookie and don't know anything about user beeing logout. It seems to my that during step #6 server should invalidate expired session cookie due to admin logout. I considere that user after beeing logout will get redirect to login page again, and will not be able to access service with old jsessionid cookie. Is this a bug, or could you help me explain what am i doing wrong? _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user