[keycloak-user] Still active token after logout

Marek Posolda mposolda at redhat.com
Mon Dec 5 09:57:15 EST 2016


Could you see something in the log if you enable logging for category 
"org.keycloak.services.managers.ResourceAdminManager" ?

On 05/12/16 13:31, ruiwp13 wrote:
> Thank you very much for your answer Marek.
> Yes, I have set all to absolute paths.
> I only have the admin and base URLs defined. Basically what happens is
> that, if I push a not-before revocation for all tokens, it communicates with
> my Jersey server and it invalidates all tokens immediately and I get 401 when
> I make a new request. But, when I make a logout through the admin-client
> library, it ends the session in Keycloak but the token is still active in
> Jersey. So, I think it is communicating with the server as the revocation
> works properly and when I change the admin URL and try the revocation again
> the tokens remain active. Is there any chance that this is a problem in the
> logout function? I am using version 2.1.0 Final and I am logging out
> like this:
>
> kc.realm({realm}).users().get({user_id}).logout();
>
> Best Regards,
> Rui Neves
>
>
> Marek Posolda wrote
>> If you set the "root URL" then all the other URLs must be relative to
>> that URL. So if you rather prefer to set absolute paths in your other
>> URLs, then don't set any "Root URL" at all. See the tooltip in admin
>> console.
>>
>> Marek
>>
>> On 05/12/16 12:08, ruiwp13 wrote:
>>> Hello,
>>>
>>> I am trying to log out of my application through Keycloak but when I call
>>> the logout function for a certain user it does delete the user session in
>>> Keycloak but somehow the token is still active and I can access the
>>> information. I have set a base and admin URL as the absolute path to my
>>> application which is hosted on a server. Did I set this the right way? If
>>> so, what is the problem?
>>> By the way, if I set a root and base URL I get the path duplicated in the
>>> clients page.
>>>
>>> Best Regards,
>>> Rui Neves
>>>
>
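An added sketch (not from the thread, and not Keycloak's adapter code) of why the two operations described above can behave differently at a resource server that validates bearer tokens locally: a pushed not-before value is compared against the token's `iat`, while a single-user logout only takes effect if the server also tracks ended sessions. The class, its method names and the sample claims are constructed for illustration; signature verification is assumed to have been done already.

```python
import time

class LocalTokenPolicy:
    """Revocation state a resource server keeps when it validates JWTs locally.

    Hypothetical helper: signature verification is assumed to have happened
    already, so `claims` is the decoded, trusted payload.
    """

    def __init__(self):
        self.not_before = 0          # epoch seconds, realm/client-wide cut-off
        self.ended_sessions = set()  # session ids reported as logged out

    def push_not_before(self, epoch_seconds):
        # Never move the cut-off backwards.
        self.not_before = max(self.not_before, epoch_seconds)

    def session_logged_out(self, session_id):
        self.ended_sessions.add(session_id)

    def check(self, claims, now=None, track_sessions=True):
        """Return (accepted, reason) for an already-verified token payload."""
        now = time.time() if now is None else now
        if claims["exp"] <= now:
            return False, "expired"
        if claims["iat"] < self.not_before:
            return False, "issued before not-before"
        if track_sessions and claims.get("session_state") in self.ended_sessions:
            return False, "session logged out"
        return True, "ok"


def demo():
    # Constructed sample payload: issued at t=1000, valid for 300 seconds.
    token = {"sub": "user-1", "iat": 1000, "exp": 1300, "session_state": "sess-a"}
    policy = LocalTokenPolicy()
    results = {}
    policy.session_logged_out("sess-a")
    # Server that only checks signature, expiry and not-before.
    results["logout_untracked"] = policy.check(token, now=1100, track_sessions=False)
    # Same server once it also consults the ended-session list.
    results["logout_tracked"] = policy.check(token, now=1100)
    # A not-before push rejects the token regardless of session tracking.
    policy.push_not_before(1050)
    results["after_push"] = policy.check(token, now=1100, track_sessions=False)
    return results
```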
