On 13/12/16 09:26, Jeroen Koek wrote:
Hi,
I have deployed multiple wars on jboss eap 6.4.
The war's are running on different url's and are using the same keycloak client
('Athlon').
If I'm logged in I'm able to navigate to the different applications and seemless
start a java session; I see multiple JSESSIONID's.
If I logout on one of the wars (session logout) I'm still able to access the other
applications to my surprise; e.g. the SSO is not working.
I have configured the admin url to the root of the applications server ("/")
where I have one of the application running.
However the adapter is not invalidating all other sessions (for the other applications);
I can still navigate to one of the other applications ("/app" for instance).
I have now created a for loop where I'm logging out all applications manually
(/logout).
My mind is telling me that I'm doing something completely wrong.
Am I right?
Yes, seems that your mind is correct :)
It is supposed that every WAR will have it's own Keycloak client. Then
single-sign-out will work as expected. Because for example when you have
application "war1" on context "/war1" and "war2" on context
"/war2", the
Keycloak needs to be able to send single-sign-out request to both those
URL. With all the WARs and single Keycloak client, this can't work. Take
a look at our examples and especially the most basic "demo" example.
Marek
Regards,
Jeroen.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user