[keycloak-user] keycloak openid connect session management
Stian Thorgersen
sthorger at redhat.com
Mon May 30 03:25:40 EDT 2016
On 30 May 2016 at 09:04, Jannik Hüls <jannik.huels at googlemail.com> wrote:
> Hi guys,
>
> I am using keycloak together with mod_auth_openidc and ran into some
> trouble. I want to use the login-status-iframe endpoint but it seems to be
> not working (at least for my configuration).
> The aim is to use a federated logout:
>
> 1. Login via an app protected by mod_auth_openidc
> 2. Open keycloak admin
> 3. Destroy the session
> 4. Refresh the app —> User is still logged in.
>
> So mod_auth_openidc supports the OpenID Connect Session Management via
> iframe and as I saw in keycloaks code a iframe endpoint is available. So:
>
> - Is the OpenID Connect session management via iframe already working in
> keycloak? I was wondering that the endpoint is not mentioned in the openID
> connect well-known configuration.
>
I don't think there's a standard way to mention this endpoint in
.well-known. Would make sense though.
> - What is the correct origin value that should be presented when calling
> the iframe endpoint?
>
> I call:
> <keycloak
> url>/protocol/openid-connect/login-status-iframe.html?client_id=<client>&origin=<origin>
>
> - Is there any documentation available regarding the iframe endpoint? I
> suggested that I have to include the above link into the iframe src
> attribute? Is this correct?
>
Afraid there's no docs for this endpoint at the moment and it's currently
only used by our JavaScript adapter. You can look at how our JavaScript
adapter includes this. Basically you need to add an iframe with the above
src attribute, but also add a mechanism that sends messages to the embedded
iframe to poll the session state.
>
>
> Bests
> Jannik
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160530/ef62c372/attachment.html
More information about the keycloak-user
mailing list