[keycloak-user] Still can access application after logout

Bill Burke bburke at redhat.com
Tue Oct 7 14:47:57 EDT 2014


 From admin console, navigating to an an application and invalidating 
all sessions for that application only doesn't log the user out of the 
SSO session.  It only invalidates all of the application's http sessions.

The logout url should work though.

On 10/7/2014 12:26 PM, Alexander Chriztopher wrote:
> Hi,
>
> I logout from my application either by a redirect to the logout url :
> http://auth-server/auth/realms/{realm-name}/tokens/logout?redirect_uri=encodedRedirectUri
> or from the Keycloak console by ending all active sessions with the
> "logout all" button but i still can go and navigate in my application
> everytime. It is only when i stay idle for sometime that am forced to
> login again in order to access my application.
>
> Anyone knows what this behaviour means ? I was expecting that i would be
> forced to login as soon as i logout from my application.
>
> Regards.
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com


More information about the keycloak-user mailing list