[keycloak-user] Still active token after logout

Marek Posolda mposolda at redhat.com
Tue Dec 6 03:26:01 EST 2016


On 05/12/16 16:09, ruiwp13 wrote:
> How can I do it?
> I don't have the package org.keycloak.services
This is configured in the logging subsystem in standalone.xml. You can try
to Google for "Wildfly logging" for more details.

Marek
>
>
> Marek Posolda wrote
>> Could you see something in the log if you enable logging for category
>> "org.keycloak.services.managers.ResourceAdminManager" ?
>>
>> On 05/12/16 13:31, ruiwp13 wrote:
>>> Thank you very much for your answer Marek.
>>> Yes, I have set all to absolute paths.
>>> I only have the admin and base URLs defined. Basically what happens is
>>> that, if I push a not before revocation for all tokens it communicates with
>>> my jersey server and it invalidates all tokens immediately and I get 401 when
>>> I make a new request. But, when I make a logout through the admin-client
>>> library, it ends the session in keycloak but the token is still active in
>>> jersey. So, I think it is communicating with the server as the revocation
>>> works properly and when I change the admin URL and try the revocation again
>>> the tokens remain active. Is there any chance that this is a problem in the
>>> logout function? I am using the version 2.1.0 Final and I am logging out
>>> like this:
>>>
>>> kc.realm({realm}).users().get({user_id}).logout();
>>>
>>> Best Regards,
>>> Rui Neves
>>>
>>>
>>> Marek Posolda wrote
>>>> If you set the "root URL" then all the other URLs must be relative to
>>>> that URL. So if you rather prefer to set absolute paths in your other
>>>> URLs, then don't set any "Root URL" at all. See the tooltip in admin
>>>> console.
>>>>
>>>> Marek
>>>>
>>>> On 05/12/16 12:08, ruiwp13 wrote:
>>>>> Hello,
>>>>>
>>>>> I am trying to log out of my application through keycloak but when I call
>>>>> the logout function for a certain user it does delete the user session in
>>>>> keycloak but somehow the token is still active and I can access the
>>>>> information. I have set a base and admin url as the absolute path to my
>>>>> application which is hosted in a server. Did I set this the right way? If
>>>>> so, what is the problem?
>>>>> By the way, if I set a root and base URL I get the path duplicated in the
>>>>> clients page.
>>>>>
>>>>> Best Regards,
>>>>> Rui Neves
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> View this message in context:
>>>>> http://keycloak-user.88327.x6.nabble.com/Still-active-token-after-logout-tp1766.html
>>>>> Sent from the keycloak-user mailing list archive at Nabble.com.
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>>
>>>
>>> --
>>> View this message in context:
>>> http://keycloak-user.88327.x6.nabble.com/Still-active-token-after-logout-tp1766p1773.html
>>> Sent from the keycloak-user mailing list archive at Nabble.com.
>
>
>
>
> --
> View this message in context: http://keycloak-user.88327.x6.nabble.com/Still-active-token-after-logout-tp1766p1781.html
> Sent from the keycloak-user mailing list archive at Nabble.com.
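
For reference, one way to enable the logging described in the reply above, as an added example that is not part of the original thread: a logger entry for the category Marek names, placed in the logging subsystem of standalone.xml. The DEBUG level and the handler names (taken from the stock WildFly configuration) are assumptions; the thread does not specify them.

```xml
<!-- Added example: goes inside the existing logging <subsystem> element of
     standalone/configuration/standalone.xml, next to the other <logger> entries. -->
<logger category="org.keycloak.services.managers.ResourceAdminManager">
    <!-- DEBUG is an assumed level; the thread does not say which level is needed. -->
    <level name="DEBUG"/>
</logger>

<!-- In the stock configuration the CONSOLE handler is capped at INFO, so DEBUG
     records from the logger above reach server.log through the FILE handler
     but are filtered out of the console. To see them on the console as well,
     lower the level on the existing handler (assumed unchanged from the default): -->
<console-handler name="CONSOLE">
    <level name="DEBUG"/>
    <formatter>
        <named-formatter name="COLOR-PATTERN"/>
    </formatter>
</console-handler>
```

Edit the file while the server is stopped, then start it and repeat the logout call so the admin request to the application shows up in the log.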



