6:53 a.m.
Hi,
I wonder whether the topic of Session Management will be covered by the
OIDC certification
https://issues.jboss.org/browse/KEYCLOAK-524
I'm asking this question because there is an issue with single logout in
mod_aut_openidc:
According to the main mod_aut_openidc project's contributor Hans Zandbelt the
implementation in Keycloak "is not an implementation of OpenID Connect's
Session Management. Looking at the spec:
http://openid.net/specs/openid-connect-session-1_0.html#OPiframe..."
<http://openid.net/specs/openid-connect-session-1_0.html#OPiframe>
Details can be found in
https://github.com/pingidentity/mod_auth_openidc/issues/175
Best regards
Valerij
9:47 a.m.
Our Javascript adapter supports the iframe session management stuff.
Also, OIDC added a logout endpoint. See front and back channel logout
specs:
http://openid.net/connect/
We may do something proprietary here, but no reason we can't support
those new specs.
On 9/26/16 7:53 AM, Valerij Timofeev wrote:
Hi,
I wonder whether the topic of Session Management will be covered by
the OIDC certification
https://issues.jboss.org/browse/KEYCLOAK-524
I'm asking this question because there is an issue with single logout
in mod_aut_openidc:
According tothe main mod_aut_openidc project's contributor Hans
Zandbelt the implementation in Keycloak "is not an implementation of
OpenID Connect's Session Management. Looking at the spec:
http://openid.net/specs/openid-connect-session-1_0.html#OPiframe..."
<http://openid.net/specs/openid-connect-session-1_0.html#OPiframe>
Details can be found in
https://github.com/pingidentity/mod_auth_openidc/issues/175
Best regards
Valerij
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
1:42 a.m.
Looks like our iframe implementation is not correct according to the spec.
Added https://issues.jboss.org/browse/KEYCLOAK-3625 to be fixed for 2.3.
With regards to front/back channel logout specs they are still in draft and
are also optional specifications. We will consider implementing these in
the future.
On 26 September 2016 at 16:47, Bill Burke <bburke(a)redhat.com> wrote:
Our Javascript adapter supports the iframe session management stuff.
Also, OIDC added a logout endpoint. See front and back channel logout
specs:
http://openid.net/connect/
We may do something proprietary here, but no reason we can't support those
new specs.
On 9/26/16 7:53 AM, Valerij Timofeev wrote:
Hi,
I wonder whether the topic of Session Management will be covered by the
OIDC certification
https://issues.jboss.org/browse/KEYCLOAK-524
I'm asking this question because there is an issue with single logout in
mod_aut_openidc:
According to the main mod_aut_openidc project's contributor Hans Zandbelt the
implementation in Keycloak "is not an implementation of OpenID Connect's
Session Management. Looking at the spec: http://openid.net/specs/
openid-connect-session-1_0.html#OPiframe..."
<http://openid.net/specs/openid-connect-session-1_0.html#OPiframe>
Details can be found in https://github.com/pingidentity/mod_auth_openidc/
issues/175
Best regards
Valerij
_______________________________________________
keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3024
days inactive
3026
days old
2 comments
3 participants
participants (3)
-
Bill Burke -
Stian Thorgersen -
Valerij Timofeev