[keycloak-dev] Implementation of Front-Channel Logout for OpenID Connect clients
Marek Posolda
mposolda at redhat.com
Tue Mar 12 07:19:21 EDT 2019
Hi,
there is this JIRA opened already [1] . We have it planned, so we want
to look at it, but lack of other things caused that this wasn't
prioritized in last years... Do you want to contribute the feature?
BTV. There is this old discussion when we discuss the "iframes" to be
used for frontchannel logout rather than redirect based approach [2].
You can see some more context by going through this old thread. I think
that we already support iframe based frontchannel logout for SAML
specification, or at least it is already available in Hynek's branch as
mentioned in the comment of this JIRA [3]. So hopefully OIDC can re-use
some parts of it.
Let us know if you're interested in contributing this.
[1] https://issues.jboss.org/browse/KEYCLOAK-2939
[2] http://lists.jboss.org/pipermail/keycloak-dev/2017-May/009260.htm
[3] https://issues.jboss.org/browse/KEYCLOAK-5449
Marek
On 10/03/2019 04:03, Diego Liberalquino wrote:
> Hello,
>
> A thing that bothers me on Keycloak is the lack of implementation of
> Front-Channel Logout for OpenID Clients. Is there any technical reason for
> this or is just awaiting a community contribution? I mean, the spec is
> supported for SAML clients, and it also works for external OIDC providers.
>
> Best regards,
> Diego Liberalquino
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
More information about the keycloak-dev
mailing list