[keycloak-user] Keycloak logout flow

Stian Thorgersen sthorger at redhat.com
Tue Feb 2 07:55:33 EST 2016


You probably haven't configured an admin URL for your client, so the Keycloak
server can't send a backchannel logout to your service.

On 2 February 2016 at 12:06, Andrey Saroul <andrey.saroul at gmail.com> wrote:

> I'm using Keycloak 1.7.0 with WildFly 9.0.2.
> I have a REST service and Keycloak deployed on the same machine.
> Consider this scenario:
> 1) In the browser I try to test my REST service (e.g.
> http://my-ip-address:8080/rest/test) secured under Keycloak.
> 2) I got redirected to the login page.
> 3) I enter my login and password.
> 4) I got some response from my REST service. That's OK!
> 5) Then I go to the Keycloak admin console, find my user and force session
> logout.
> 6) Then I try to access my REST service again by the same URL, and NO
> redirect happens. The browser caches the jsessionid cookie and doesn't know
> anything about the user being logged out.
> It seems to me that during step #6 the server should invalidate the expired
> session cookie due to the admin logout.
> I consider that the user, after being logged out, will get redirected to the
> login page again, and will not be able to access the service with the old
> jsessionid cookie.
> Is this a bug, or could you help me explain what I am doing wrong?
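
The scenario in this thread, as an added example that is not part of the original messages and is not Keycloak code: a toy Python model in which the service trusts its own session cookie, so a forced logout at the identity provider only reaches it when the provider has an endpoint to notify. All class and function names are hypothetical, and the user name is constructed.

```python
# Toy model of the thread's scenario; not Keycloak code, all names hypothetical.
import secrets

class Service:
    """Application that keeps its own cookie-backed sessions (the JSESSIONID)."""
    def __init__(self):
        self.sessions = {}  # local session id -> identity-provider session id

    def login(self, idp_session):
        cookie = secrets.token_hex(8)  # stands in for the JSESSIONID value
        self.sessions[cookie] = idp_session
        return cookie

    def handle_request(self, cookie):
        # Only the local store is checked; the provider is not asked again.
        return "200 OK" if cookie in self.sessions else "302 to login page"

    def backchannel_logout(self, idp_session):
        # Called by the provider: drop local sessions tied to that login.
        self.sessions = {c: s for c, s in self.sessions.items() if s != idp_session}

class IdentityProvider:
    def __init__(self):
        self.sso_sessions = {}  # provider session id -> user
        self.clients = {}       # client name -> logout endpoint, or None

    def register_client(self, name, admin_endpoint=None):
        self.clients[name] = admin_endpoint

    def authenticate(self, user):
        session = secrets.token_hex(8)
        self.sso_sessions[session] = user
        return session

    def admin_force_logout(self, session):
        self.sso_sessions.pop(session, None)
        # Clients registered without an endpoint cannot be told about the logout.
        reachable = [n for n, ep in self.clients.items() if ep is not None]
        for name in reachable:
            self.clients[name].backchannel_logout(session)
        return reachable

def run_scenario(admin_url_configured):
    idp, service = IdentityProvider(), Service()
    idp.register_client("rest-service", service if admin_url_configured else None)
    session = idp.authenticate("alice")  # constructed user
    cookie = service.login(session)
    before = service.handle_request(cookie)
    notified = idp.admin_force_logout(session)
    return before, service.handle_request(cookie), notified
```

`run_scenario(False)` reproduces step 6 of the report (the old cookie is still accepted), while `run_scenario(True)` ends with a redirect to the login page.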