[keycloak-user] Proxy users remain logged in when logged out in the backend
Niko Köbler
niko at n-k.de
Fri Feb 13 05:41:11 EST 2015
Hi,
I think there’s a state problem when using applications behind a Keycloak Proxy solution.
This is our scenario:
An application is “secured” only behind a Keycloak proxy.
In some of our use cases, the session will be killed/logged out in the backend, before (proxy cookie) timeout.
As the proxy cookie is now still set (and valid), the proxy assumes the user is still logged in and still injects the header fields. The proxy doesn’t know that the user has been logged out.
We have now switched the “always-refresh-token” option to “true” in the proxy application configuration and it works as expected. But this will have an impact on performance and is not our preferred way of handling this issue.
Is there any other way of notifying the proxy of logged out users?
Can we use the Admin URL for this? If yes, how?
Regards,
- Niko