[keycloak-dev] social/broker errors

Marek Posolda mposolda at redhat.com
Wed Mar 25 11:02:07 EDT 2015


Question about logout: Should logout always trigger parent broker logout 
even if "child" is not the initiator of parent SSO login?

Some example: I have keycloak server on configured to login against 
Salesforce SAML broker

1) I login to Salesforce
2) Then I login to Keycloak with usage of Salesforce broker
3) Now I trigger logout from Keycloak. Should it trigger logout from 
Salesforce too? IMO it shouldn't as localhost:8081 wasn't the initiator 
of the Salesforce login (in step 1).

Wdyt?

Marek


On 25.3.2015 14:57, Stian Thorgersen wrote:
> Had a quick look at it and seems Facebook and GitHub return access token response as form-url-encoded (access_token=<...>&foo=bar).
>
> Another thing I spotted was that I'm pretty sure we're not validating the SSL connection when sending requests to the IdPs. We should drop the SimpleHttp util I created and use something better (Apache or RestEasy) and make sure it's possible to setup a truststore). SimpleHttp was only created as we initially wanted the social lib to be a reusable lightweight lib, but now it's only for KC so there's no point in it and it's pretty crap for many reasons!
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Wednesday, 25 March, 2015 2:52:07 PM
>> Subject: [keycloak-dev] social/broker errors
>>
>> I'll look into all the social/broker errors and test out on all social
>> providers (again) after I finish up some logout work.
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev



More information about the keycloak-dev mailing list