[keycloak-user] Spring Security adapter single logout

Andy Yar andyyar66 at gmail.com
Wed Dec 16 06:40:47 EST 2015


Hello,
I'm using 1.7.0 final integrated with Spring Security (which itself is
integrated into Grails) using the OpenID Connect method. I've been kind of
stuck with single (back-channel, k_logout) logout for a while.

It seems it's handled by the preAuthActions filter, which simply invalidates
local sessions via a call to an injected HttpSessionManager. This manager
stores active sessions in its instance and puts/removes them in reaction
to HttpSessionEvent.

It looks like the HttpSessionManager has to be registered as a JEE listener
in order to receive HttpSessionEvents. However, then you end up with two
different instances - the listener and the bean in preAuthActions. Thus the
invalidation process can't reach the sessions stored in the listener's instance
and can't invalidate them at all.

A big sorry if I'm missing something very obvious.

Andy
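
The situation described in the message above, modelled as an added example that is not part of the original post and is not Keycloak's code: `Session`, `SessionManager` and `DelegatingListener` are hypothetical stand-ins for the servlet session, the adapter's session manager and a container-registered listener. It shows the two-instance wiring leaving a session valid after a back-channel logout, next to a wiring where the listener forwards to the one instance the logout filter uses.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical model classes; none of these are Keycloak or servlet API types.
public class LogoutInstanceDemo {

    /** Minimal stand-in for an HTTP session. */
    static class Session {
        final String id;
        volatile boolean valid = true;
        Session(String id) { this.id = id; }
    }

    /** Tracks sessions on lifecycle events and invalidates them on logout. */
    static class SessionManager {
        private final Map<String, Session> sessions = new ConcurrentHashMap<>();
        void sessionCreated(Session s) { sessions.put(s.id, s); }
        void sessionDestroyed(Session s) { sessions.remove(s.id); }
        /** Returns false when the id is unknown; worth logging, since the session survives. */
        boolean logout(String id) {
            Session s = sessions.remove(id);
            if (s == null) return false;
            s.valid = false;
            return true;
        }
    }

    /** Container-side listener that forwards events to one shared manager. */
    static class DelegatingListener {
        private final SessionManager target;
        DelegatingListener(SessionManager target) { this.target = target; }
        void sessionCreated(Session s) { target.sessionCreated(s); }
        void sessionDestroyed(Session s) { target.sessionDestroyed(s); }
    }

    public static void main(String[] args) {
        // Two instances: the container's listener sees the session, the filter's bean does not.
        SessionManager containerListener = new SessionManager();
        SessionManager filterBean = new SessionManager();
        Session a = new Session("constructed-session-a"); // constructed sample id
        containerListener.sessionCreated(a);
        System.out.println("two instances: logout=" + filterBean.logout(a.id) + " stillValid=" + a.valid);

        // One instance: the listener delegates to the manager the logout filter calls.
        SessionManager shared = new SessionManager();
        DelegatingListener listener = new DelegatingListener(shared);
        Session b = new Session("constructed-session-b"); // constructed sample id
        listener.sessionCreated(b);
        System.out.println("one instance: logout=" + shared.logout(b.id) + " stillValid=" + b.valid);
    }
}
```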