[keycloak-user] Keycloak logout flow

Andrey Saroul andrey.saroul at gmail.com
Mon Feb 8 04:30:59 EST 2016


Thanks, it was the right reason.

2016-02-02 15:55 GMT+03:00 Stian Thorgersen <sthorger at redhat.com>:

> You probably haven't configured the admin URL for your client, so the Keycloak
> server can't send a backchannel logout to your service.
>
> On 2 February 2016 at 12:06, Andrey Saroul <andrey.saroul at gmail.com>
> wrote:
>
>> I'm using Keycloak 1.7.0 with WildFly 9.0.2.
>> I have a REST service and Keycloak deployed on the same machine.
>> Consider this scenario:
>> 1) In the browser I try to test my REST service (e.g.
>> http://my-ip-address:8080/rest/test) secured under Keycloak.
>> 2) I got redirected to the login page.
>> 3) I enter my login and password.
>> 4) I got some response from my REST service. That's OK!
>> 5) Then I go to the Keycloak admin console, find my user and force a session
>> logout.
>> 6) Then I try to access my REST service again by the same URL, and NO
>> redirect happens. The browser caches the jsessionid cookie and doesn't know
>> anything about the user being logged out.
>> It seems to me that during step #6 the server should invalidate the expired
>> session cookie due to the admin logout.
>> I consider that the user, after being logged out, will get redirected to the
>> login page again, and will not be able to access the service with the old
>> jsessionid cookie.
>> Is this a bug, or could you help explain what I am doing wrong?
>>
>
>
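The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Keycloak code: a simplified Python model of a service that keeps its own JSESSIONID-keyed sessions and only drops them when the SSO server can reach it over the backchannel. The class names, method names, session ids and the admin URL value are all hypothetical.

```python
# Simplified, constructed model: not Keycloak's implementation or wire protocol.
class RestService:
    """Application that keeps its own sessions, keyed by the JSESSIONID cookie."""

    def __init__(self):
        self.local_sessions = {}  # JSESSIONID -> SSO session id on the auth server

    def login(self, jsessionid, sso_session_id):
        self.local_sessions[jsessionid] = sso_session_id

    def backchannel_logout(self, sso_session_id):
        """Drop every local session bound to the terminated SSO session."""
        stale = [c for c, s in self.local_sessions.items() if s == sso_session_id]
        for cookie in stale:
            del self.local_sessions[cookie]
        return len(stale)

    def request(self, jsessionid):
        return "200 OK" if jsessionid in self.local_sessions else "302 to login page"


class AuthServer:
    """Stand-in for the SSO server; delivery is a method call instead of HTTP."""

    def __init__(self):
        self.clients = []  # (service, admin_url or None)

    def register_client(self, service, admin_url=None):
        self.clients.append((service, admin_url))

    def force_logout(self, sso_session_id):
        """Admin-console logout: notify only clients that have an admin URL."""
        notified = 0
        for service, admin_url in self.clients:
            if admin_url:  # no admin URL means nowhere to send the logout
                service.backchannel_logout(sso_session_id)
                notified += 1
        return notified


def scenario(admin_url):
    """Steps 1-6 from the thread; returns the response to the step 6 request."""
    server, service = AuthServer(), RestService()
    server.register_client(service, admin_url)
    service.login("JSESSIONID-abc", "sso-1")   # steps 1-4: login, local session
    server.force_logout("sso-1")               # step 5: admin forces logout
    return service.request("JSESSIONID-abc")   # step 6: same cookie replayed
```

Calling `scenario(None)` reproduces the reported behaviour (the old cookie is still accepted), while `scenario("http://my-ip-address:8080/rest")` ends with a redirect to the login page.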