I have been having problems with the Keycloak sso logout functionality in
Keycloak 3.4.3.
Previously I have tested the single sign-out functionality in Keycloak
2.4.0, and did not experience such problems.
I have debugged the issue in 3.4.3 and noticed that the sessionCreated
method in HttpSessionManager is never
called. This means that no http session is invalidated in the logout
methods.
To fix this I have created my own HttpSessionManager based on a Spring
ApplicationListener.and registered it as a
listener in my web.xml.
I would like to know if this is a known issue. Has this been fixed in
4.0.0? Can it also be fixed in a 3.4.4 version?
public class MyHttpSessionManager extends HttpSessionManager implements
ApplicationListener<ApplicationEvent> {
@Override
public void onApplicationEvent(ApplicationEvent event) {
if (event instanceof HttpSessionCreatedEvent) {
HttpSession session = ((HttpSessionCreatedEvent) event).getSession();
HttpSessionEvent creationEvent = new HttpSessionEvent(session);
this.sessionCreated(creationEvent);
}
}
}
Show replies by date