The adapter creates REST endpoints to listen to the logout event.
Suppose there are 2 apps under SSO. You execute log-out from one of them.
The other one receives a backchannel call from Keycloak about the log-out
event to immediately terminate the session.
Otherwise the 2nd app will know about session invalidation only after the next
request to Keycloak (e.g. for refreshing a token).
I've been using Keycloak Spring Security Adapter 7.0.1 with Keycloak 7.0.1;
however, it still contained a bug for Single Logout, which is why I had to
promote a fix for
.
Until Keycloak 8 is released, I had to apply a workaround of custom
HttpSessionManager registration.
On Tue, Nov 12, 2019 at 6:09 AM mn(a)fstrk.io <mn(a)fstrk.io> wrote:
Anyway, if you've made this work, please specify the versions of the
libraries you used; I will find a Java friend to put them together, and
then I'll look at HTTP requests issued and implement them in Python :)
11.11.19 23:06, Leonid Rozenblyum wrote:
Well since Spring Security adapter is used inside Java client software to
secure communication with Keycloak, and you're developing your software in
Python - it seems to be another problem...
According to the docs:
*Admin URL*
For *Keycloak specific* client adapters, this is the callback endpoint
for the client. The Keycloak server will use this URI to make callbacks
like pushing revocation policies, performing backchannel logout, and other
administrative operations. For Keycloak servlet adapters, this can be the
root URL of the servlet application. For more information see Securing
Applications and Services Guide.
It looks like the Python OIDC library is not Keycloak-specific, so Admin URL
is NOT an option to set up backchannel logout.
On Mon, Nov 11, 2019 at 9:41 PM mn(a)fstrk.io <mn(a)fstrk.io> wrote:
> I would love to try it, but I am a Python guy and I am not sure how to
> figure out Keycloak internals :) Is there any way you can point me to look
> for the instructions on how to do it?
>
>
>
> 11.11.19 22:27, Leonid Rozenblyum wrote:
>
> Ok, I see.
> But do you use Spring Security adapter in your application?
> If yes, a workaround for KEYCLOAK-10266
> <https://issues.jboss.org/browse/KEYCLOAK-10266> is possible even before
> 8.0.0 release.
>
> On Mon, Nov 11, 2019 at 6:48 PM mn(a)fstrk.io <mn(a)fstrk.io> wrote:
>
>> I am using the Docker version, and 8.0.0 has not been released in Docker
>> yet: https://hub.docker.com/r/jboss/keycloak/tags
>>
>> so I guess the only option for me is to wait for the 8.0.0 Docker release
>> then.
>>
>>
>> 11.11.19 17:56, Leonid Rozenblyum wrote:
>>
>> Hi. What adapter are you using?
>> Spring Security adapter had a bug which was recently fixed and the fix
>> should be part of 8.0.0 https://issues.jboss.org/browse/KEYCLOAK-10266
>>
>> On Mon, Nov 11, 2019 at 6:14 AM mn(a)fstrk.io <mn(a)fstrk.io> wrote:
>>
>>> I created a client in Keycloak and set up a test admin URL
>>> https://webhook.site/12c50381-0814-441a-82bb-1a68c8366a60 (this is a
>>> webhook testing site).
>>>
>>> After that, I performed an OpenID login via this client, and then sent
>>> a logout request to Keycloak.
>>>
>>>
>>> I did this a couple of times, and tried two ways of logging a user out:
>>>
>>> - redirecting to
>>> http://.../auth/realms/myrealm/protocol/openid-connect/logout
>>> <http://127.0.0.1:8080/auth/realms/myrealm/protocol/openid-connect/logout>
>>>
>>> - force logging out of the user via Keycloak admin interface:
>>> http://prntscr.com/pv1v76
>>>
>>> The user indeed gets logged out. However, in both of these cases I
>>> don't see any requests coming out from Keycloak. The testing website
>>> shows zero registered requests.
>>>
>>>
>>> How do I make this work?
>>>
>>>
>>>
>>>
>>> --
>>> Mikhail Novikov
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>> --
>> Михаил Новиков
>> Lead Developer, fstrk.io
>>
>>
> --
> Михаил Новиков
> Lead Developer, fstrk.io
>
>
--
Михаил Новиков
Lead Developer, fstrk.io
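
As an added example (not code from this thread or from Keycloak), this is how the receiving side of the backchannel logout described at the top of the thread could look in Python: a registry that links each SSO session to the app's local sessions and ends them when a verified logout notification arrives. The payload field names (`id`, `client`, `expires`, `sso_sessions`) and `stand_in_verify` are hypothetical; in a real application `verify` would check the identity provider's signature on the request body.

```python
import json
import time


class LogoutRejected(Exception):
    """A backchannel logout notification that must not be acted on."""


class SessionRegistry:
    """Maps an SSO session at the identity provider to this app's local sessions."""

    def __init__(self, client_id, verify):
        self.client_id = client_id
        self.verify = verify    # assumed: callable(raw) -> dict, raises on a bad signature
        self.by_sso = {}        # sso session id -> set of local session ids
        self.seen = set()       # notification ids already handled (replay guard)

    def login(self, sso_id, local_id):
        self.by_sso.setdefault(sso_id, set()).add(local_id)

    def is_active(self, local_id):
        return any(local_id in ids for ids in self.by_sso.values())

    def backchannel_logout(self, raw, now=None):
        """Handle one server-to-server logout call; return the local sessions ended."""
        now = time.time() if now is None else now
        try:
            msg = self.verify(raw)  # fail closed: trust nothing before this succeeds
        except Exception as exc:
            raise LogoutRejected("signature check failed") from exc
        if msg.get("client") != self.client_id:
            raise LogoutRejected("notification addressed to another client")
        if msg.get("expires", 0) < now:
            raise LogoutRejected("notification expired")
        if not msg.get("id") or msg["id"] in self.seen:
            raise LogoutRejected("missing or replayed notification id")
        self.seen.add(msg["id"])
        ended = set()
        for sso_id in msg.get("sso_sessions", []):
            ended |= self.by_sso.pop(sso_id, set())
        return ended


def stand_in_verify(raw):
    """Constructed stand-in for real signature verification (demo only)."""
    if not raw.startswith("signed:"):
        raise ValueError("unsigned")
    return json.loads(raw[len("signed:"):])
```

Without such a callback, `is_active` would keep returning `True` for the second app's sessions until its next request to the identity provider fails.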