[keycloak-user] Keycloak logout flow
Andrey Saroul
andrey.saroul at gmail.com
Tue Feb 2 06:06:16 EST 2016
I'm using keycloak 1.7.0 with WildFly 9.0.2
I have rest service and Keycloak deployed on one the same machine.
Consider this scenario:
1) In browser i try to test my rest service (e.g.
http://my-ip-address:8080/rest/test) secured under Keycloak
2) I got redirect to login page.
3) I enter my login and password.
4) I got some response from my rest service. That's Ok!
5) Then I go to Keycloak admin console, find my user and force session
logout.
6) Then I try to access my rest service again by the same url, and NO
redirect happens. Browser caches jsessionid cookie and don't know anything
about user beeing logout.
It seems to my that during step #6 server should invalidate expired session
cookie due to admin logout.
I considere that user after beeing logout will get redirect to login page
again, and will not be able to access service with old jsessionid cookie.
Is this a bug, or could you help me explain what am i doing wrong?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160202/e38f6bbf/attachment.html
More information about the keycloak-user
mailing list