Well since Spring Security adapter is used inside Java client software to secure communication with Keycloak, and you're developing your software in Python - it seems to be another problem... According to the docs: *Admin URL* For _Keycloak specific_ client adapters, this is the callback endpoint for the client. The Keycloak server will use this URI to make callbacks like pushing revocation policies, performing backchannel logout, and other administrative operations. For Keycloak servlet adapters, this can be the root URL of the servlet application. For more information see Securing Applications and Services Guide. It looks like Python OIDC library is not keycloak-specific, so Admin URL is NOT an option to set up backchannel logout. On Mon, Nov 11, 2019 at 9:41 PM mn(a)fstrk.io <mailto:mn@fstrk.io> <mn(a)fstrk.io <mailto:mn@fstrk.io>> wrote: I would love to try it, but I am a Python guy and I am not sure how to figure out Keycloak internals :) is there anyway you can point me to look for the instructions on how to do it? 11.11.19 22:27, Leonid Rozenblyum пишет: > Ok, I see. > But do you use Spring Security adapter in your application? > If yes, a workaround for KEYCLOAK-10266 > <https://issues.jboss.org/browse/KEYCLOAK-10266> is possible even > before 8.0.0 release. > > On Mon, Nov 11, 2019 at 6:48 PM mn(a)fstrk.io <mailto:mn@fstrk.io> > <mn(a)fstrk.io <mailto:mn@fstrk.io>> wrote: > > I am using the Docker version, and 8.0.0 has not been > released in Docker yet: > https://hub.docker.com/r/jboss/keycloak/tags > > so I guess the only option for me is wait for the 8.0.0 > Docker release then. > > > 11.11.19 17:56, Leonid Rozenblyum пишет: >> Hi. What adapter are you using? >> Spring Security adapter had a bug which was recently fixed >> and the fix should be part of 8.0.0 >> https://issues.jboss.org/browse/KEYCLOAK-10266 >> >> On Mon, Nov 11, 2019 at 6:14 AM mn(a)fstrk.io >> <mailto:mn@fstrk.io> <mn(a)fstrk.io <mailto:mn@fstrk.io>> wrote: >> >> I created a client in Keycloak and set up a test admin URL >> https://webhook.site/12c50381-0814-441a-82bb-1a68c8366a60 >> (this is a >> webhook testing site). >> >> After that, I performed an OpenID login via this client, >> and then sent a >> logout request to Keycloak. >> >> >> I did this a couple of times, and tried two ways of >> logging a user out: >> >> - redirecting to >> http://.../auth/realms/myrealm/protocol/openid-connect/logout >> >> <http://127.0.0.1:8080/auth/realms/myrealm/protocol/openid-connect/logout> >> >> - force logging out of the user via Keycloak admin >> interface: >> http://prntscr.com/pv1v76 >> >> The user indeed gets logged out. However, in both of >> these cases I don't >> see any requests coming out from Keycloak. The testing >> website shows >> zero registered requests. >> >> >> How do I make this work? >> >> >> >> >> -- >> Mikhail Novikov >> >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user(a)lists.jboss.org >> <mailto:keycloak-user@lists.jboss.org> >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> > > -- > Михаил Новиков > Ведущий разработчик > fstrk.io <http://fstrk.io> > -- Михаил Новиков Ведущий разработчик fstrk.io <http://fstrk.io>