Sounds like you have two separate applications? If so, they'll have separate
cookies, sessions, etc. and would have to be logged out separately. Not
quite sure where you're getting '/logout' from either.

To log out you should use HttpServletRequest.logout, which will redirect to
Keycloak to properly do the logout. This will log out the application that
the user initiated the logout from, as well as send a backchannel request
to other applications to log them out.

On 23 June 2016 at 04:06, Sarp Kaya <akaya(a)expedia.com> wrote:
According to this code:
https://github.com/keycloak/keycloak/blob/master/adapters/oidc/adapter-co...
The cookie is only reset at the place where the logout path is. For
instance:
Applications are served at /foo/app and /bar/app
And the logout path is just /logout
In that case that won’t work because cookiePath for removeCookie would be
/logout.
The problem is the user is still logged in within the period of Access
Token Lifespan.
It doesn’t make sense to have a different logout URL for each application,
such as /bar/logout and /foo/logout.
Is there a way to just keep a single logout which logs out the user for each
application?
Thanks,
Sarp Kaya
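
The cookie-scoping behaviour discussed in the quoted message, as an added example that is not part of the original thread or Keycloak's code: a minimal model of RFC 6265 cookie storage and path matching, showing that an expiring Set-Cookie scoped to /logout leaves cookies stored under /foo/app and /bar/app in place. The cookie name ADAPTER_STATE and its values are constructed, and a single host is assumed.

```javascript
// Minimal model of a browser cookie jar (RFC 6265 storage and path matching).
// Cookie name and values are constructed for illustration; one host assumed.
class CookieJar {
  constructor() { this.cookies = new Map(); } // key: name + "|" + path

  // Apply a Set-Cookie: an existing cookie is replaced or expired only when
  // its name AND path both match the incoming cookie.
  set(name, value, path, maxAge) {
    const key = `${name}|${path}`;
    if (maxAge !== undefined && maxAge <= 0) this.cookies.delete(key);
    else this.cookies.set(key, { name, value, path });
  }

  // RFC 6265 section 5.1.4 path-match.
  static pathMatches(cookiePath, requestPath) {
    if (requestPath === cookiePath) return true;
    if (!requestPath.startsWith(cookiePath)) return false;
    return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
  }

  // Names of the cookies the browser would attach to a request for requestPath.
  sentTo(requestPath) {
    return [...this.cookies.values()]
      .filter((c) => CookieJar.pathMatches(c.path, requestPath))
      .map((c) => c.name);
  }
}

// Two applications each store a session cookie under their own path, then a
// logout response expires the cookie with Path=removalPath.
function simulateLogout(removalPath) {
  const jar = new CookieJar();
  jar.set("ADAPTER_STATE", "token-foo", "/foo/app");
  jar.set("ADAPTER_STATE", "token-bar", "/bar/app");
  jar.set("ADAPTER_STATE", "", removalPath, 0);
  return { foo: jar.sentTo("/foo/app/home"), bar: jar.sentTo("/bar/app/home") };
}

console.log(simulateLogout("/logout"));  // both cookies are still sent
console.log(simulateLogout("/foo/app")); // only the /foo/app cookie is cleared
```
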