2:04 a.m.
Hi guys,
I am using keycloak together with mod_auth_openidc and ran into some trouble. I want to
use the login-status-iframe endpoint but it seems to be not working (at least for my
configuration).
The aim is to use a federated logout:
1. Login via an app protected by mod_auth_openidc
2. Open keycloak admin
3. Destroy the session
4. Refresh the app —> User is still logged in.
So mod_auth_openidc supports the OpenID Connect Session Management via iframe and as I saw
in keycloaks code a iframe endpoint is available. So:
- Is the OpenID Connect session management via iframe already working in keycloak? I was
wondering that the endpoint is not mentioned in the openID connect well-known
configuration.
- What is the correct origin value that should be presented when calling the iframe
endpoint?
I call:
<keycloak
url>/protocol/openid-connect/login-status-iframe.html?client_id=<client>&origin=<origin>
- Is there any documentation available regarding the iframe endpoint? I suggested that I
have to include the above link into the iframe src attribute? Is this correct?
Bests
Jannik
2:25 a.m.
On 30 May 2016 at 09:04, Jannik Hüls <jannik.huels(a)googlemail.com> wrote:
Hi guys,
I am using keycloak together with mod_auth_openidc and ran into some
trouble. I want to use the login-status-iframe endpoint but it seems to be
not working (at least for my configuration).
The aim is to use a federated logout:
1. Login via an app protected by mod_auth_openidc
2. Open keycloak admin
3. Destroy the session
4. Refresh the app —> User is still logged in.
So mod_auth_openidc supports the OpenID Connect Session Management via
iframe and as I saw in keycloaks code a iframe endpoint is available. So:
- Is the OpenID Connect session management via iframe already working in
keycloak? I was wondering that the endpoint is not mentioned in the openID
connect well-known configuration.
I don't think there's a standard way to mention this endpoint in
.well-known. Would make sense though.
- What is the correct origin value that should be presented when
calling
the iframe endpoint?
I call:
<keycloak
url>/protocol/openid-connect/login-status-iframe.html?client_id=<client>&origin=<origin>
- Is there any documentation available regarding the iframe endpoint? I
suggested that I have to include the above link into the iframe src
attribute? Is this correct?
Afraid there's no docs for this endpoint at the moment and it's currently
only used by our JavaScript adapter. You can look at how our JavaScript
adapter includes this. Basically you need to add an iframe with the above
src attribute, but also add a mechanism that sends messages to the embedded
iframe to poll the session state.
Bests
Jannik
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3145
days inactive
3145
days old
1 comments
2 participants
participants (2)
-
Jannik Hüls -
Stian Thorgersen