[keycloak-user] single logout

Stian Thorgersen stian at redhat.com
Wed Jan 7 07:25:55 EST 2015


Looks like a configuration issue (or a bug) you should not have to implement anything as long as you use our adapters.

Did you set the admin url correctly for the app? It has to be reachable from the Keycloak server. Also, if your app is behind a proxy or is clustered that can also impact on the config.

----- Original Message -----
> From: "Hubert Przybysz" <h.p.przybysz at gmail.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: "keycloak-user" <keycloak-user at lists.jboss.org>
> Sent: Wednesday, 7 January, 2015 1:18:58 PM
> Subject: Re: [keycloak-user] single logout
> 
> I'm using your server-side java adapters. When I logout in one application
> I'm getting the exception below when the server tries to logout the second
> application (which led me to think I need to implement something).
> 
> Logout for application 'app-2' failed:
> org.apache.http.conn.HttpHostConnectException: Connection to https:/
> xx.xx.net refused
> at
> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:190)
> [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
> at
> org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:151)
> [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
> at
> org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:125)
> [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
> at
> org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640)
> [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
> at
> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
> [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
> [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
> [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]
> at
> org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor.execute(ApacheHttpClient4Executor.java:182)
> [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
> at
> org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:39)
> [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
> at
> org.jboss.resteasy.plugins.interceptors.encoding.AcceptEncodingGZIPInterceptor.execute(AcceptEncodingGZIPInterceptor.java:40)
> [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
> at
> org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:45)
> [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
> at org.jboss.resteasy.client.ClientRequest.execute(ClientRequest.java:444)
> [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
> at
> org.jboss.resteasy.client.ClientRequest.httpMethod(ClientRequest.java:688)
> [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
> at org.jboss.resteasy.client.ClientRequest.post(ClientRequest.java:572)
> [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
> at
> org.keycloak.services.managers.ResourceAdminManager.sendLogoutRequest(ResourceAdminManager.java:275)
> [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
> at
> org.keycloak.services.managers.ResourceAdminManager.logoutClientSessions(ResourceAdminManager.java:207)
> [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
> at
> org.keycloak.services.managers.ResourceAdminManager.logoutClientSession(ResourceAdminManager.java:167)
> [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
> at
> org.keycloak.protocol.oidc.OpenIDConnect.backchannelLogout(OpenIDConnect.java:143)
> [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
> at
> org.keycloak.services.managers.AuthenticationManager.logout(AuthenticationManager.java:97)
> [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
> at
> org.keycloak.protocol.oidc.OpenIDConnectService.logout(OpenIDConnectService.java:994)
> [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
> at
> org.keycloak.protocol.oidc.OpenIDConnectService.logout(OpenIDConnectService.java:927)
> [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> [rt.jar:1.7.0_72]
> 
> 
> On Wed, Jan 7, 2015 at 12:53 PM, Stian Thorgersen <stian at redhat.com> wrote:
> 
> > What adapters are you using? Our adapters already have built-in support
> > for this. Server-side adapters (JEE) uses the admin url, while client-side
> > (JS) uses a special iframe to detect logout.
> >
> > ----- Original Message -----
> > > From: "Hubert Przybysz" <h.p.przybysz at gmail.com>
> > > To: "keycloak-user" <keycloak-user at lists.jboss.org>
> > > Sent: Wednesday, 7 January, 2015 12:19:12 PM
> > > Subject: [keycloak-user] single logout
> > >
> > > Hi,
> > >
> > > I'm looking for information on how to implement single logout across
> > > applications in the realm. There is an Admin URL setting per application
> > in
> > > the realm admin GUI which is to be set if the application supports "the
> > > adapter REST API", but I failed to find any information about this API.
> > Is
> > > this the API to use for single logout ?
> > >
> > > Br / Hubert.
> > >
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> 


More information about the keycloak-user mailing list