[keycloak-user] Keycloak Adapter Set/Remove Cookies Depending on Path

Stian Thorgersen sthorger at redhat.com
Tue Jun 28 09:45:31 EDT 2016


Sounds like you have two separate applications? If so they'll have separate
cookies, sessions, etc., and would have to be logged out separately. Not
quite sure where you're getting '/logout' from either.

To log out you should use HttpServletRequest.logout, which will redirect to
Keycloak to properly do the logout. This will log out the application that
the user initiated the logout from, as well as send a backchannel request
to other applications to log them out.

On 23 June 2016 at 04:06, Sarp Kaya <akaya at expedia.com> wrote:

> According to this code:
>
> https://github.com/keycloak/keycloak/blob/master/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/CookieTokenStore.java#L100
>
> The cookie is only reset at the place where the logout path is. For
> instance:
>
> Applications serve at /foo/app and /bar/app
> And logout path is just /logout
>
> In that case that won’t work because cookiePath for removeCookie would be
> /logout.
>
> The problem is the user is still logged in within the period of Access
> Token Lifespan.
>
> It doesn’t make sense to have a different logout URL for each application,
> such as /bar/logout and /foo/logout.
>
> Is there a way to just keep a single logout which logs out the user for each
> application?
>
> Thanks,
> Sarp Kaya
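Added example, not part of the original thread and not Keycloak code: a simplified model of the browser cookie store from RFC 6265, showing why a removal cookie sent with path /logout leaves the cookies stored under /foo/app and /bar/app in place. The CookieJar class and the cookie name APP_STATE are hypothetical; the paths are the ones used in the question.

```javascript
// Simplified model of the RFC 6265 cookie store (single host, no Domain/Secure handling).
// CookieJar and the cookie name APP_STATE are constructed for illustration.
class CookieJar {
  constructor() { this.store = new Map(); } // key: "name|path"

  // RFC 6265 5.1.4: default path is the request path up to, but not including, its last "/".
  static defaultPath(requestPath) {
    const i = requestPath.lastIndexOf("/");
    return i <= 0 ? "/" : requestPath.slice(0, i);
  }

  // RFC 6265 5.1.4: path-match decides which cookies are sent with a request.
  static pathMatches(requestPath, cookiePath) {
    if (requestPath === cookiePath) return true;
    if (!requestPath.startsWith(cookiePath)) return false;
    return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
  }

  // Apply one Set-Cookie received in the response to a request for requestPath.
  setCookie(requestPath, { name, value, path, maxAge }) {
    const p = path && path.startsWith("/") ? path : CookieJar.defaultPath(requestPath);
    const key = `${name}|${p}`;
    if (maxAge !== undefined && maxAge <= 0) this.store.delete(key); // expires only this (name, path)
    else this.store.set(key, { name, value, path: p });
  }

  // Cookies the browser would attach to a request for requestPath, as "name@path".
  cookiesFor(requestPath) {
    return [...this.store.values()]
      .filter(c => CookieJar.pathMatches(requestPath, c.path))
      .map(c => `${c.name}@${c.path}`);
  }
}

function demo() {
  const jar = new CookieJar();
  jar.setCookie("/foo/app/login", { name: "APP_STATE", value: "t1", path: "/foo/app" });
  jar.setCookie("/bar/app/login", { name: "APP_STATE", value: "t2", path: "/bar/app" });

  // Removal issued from a shared /logout endpoint with cookie path "/logout": no stored key matches.
  jar.setCookie("/logout", { name: "APP_STATE", value: "", path: "/logout", maxAge: 0 });
  const afterSharedLogout = [jar.cookiesFor("/foo/app/home"), jar.cookiesFor("/bar/app/home")];

  // Removal with the same path the cookie was set with clears that application only.
  jar.setCookie("/foo/app/logout", { name: "APP_STATE", value: "", path: "/foo/app", maxAge: 0 });
  const afterFooLogout = [jar.cookiesFor("/foo/app/home"), jar.cookiesFor("/bar/app/home")];
  return { afterSharedLogout, afterFooLogout };
}
console.log(JSON.stringify(demo()));
```

Because the store is keyed by name and path, a browser-side removal has to be issued once per cookie path; the model says nothing about server-side sessions, which the backchannel request mentioned in the reply addresses.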