[keycloak-user] keycloak openid connect session management

[Jannik Hüls]

Hi guys,

I am using keycloak together with mod_auth_openidc and ran into some trouble. I want to use the login-status-iframe endpoint but it seems to be not working (at least for my configuration).
The aim is to use a federated logout: 

1. Login via an app protected by mod_auth_openidc
2. Open keycloak admin
3. Destroy the session
4. Refresh the app —> User is still logged in. 

So mod_auth_openidc supports the OpenID Connect Session Management via iframe and as I saw in keycloaks code a iframe endpoint is available. So:

- Is the OpenID Connect session management via iframe already working in keycloak? I was wondering that the endpoint is not mentioned in the openID connect well-known configuration.
- What is the correct origin value that should be presented when calling the iframe endpoint?

I call:
<keycloak url>/protocol/openid-connect/login-status-iframe.html?client_id=<client>&origin=<origin>

- Is there any documentation available regarding the iframe endpoint? I suggested that I have to include the above link into the iframe src attribute? Is this correct?


Bests
Jannik
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160530/70cd7a67/attachment.html