[keycloak-user] User session logout in Keycloak Console seems not to work if using User Federation Provider

Juan Pablo Perata jpperata at gmail.com
Thu Feb 1 08:29:54 EST 2018


To add something else:

I discovered I was changing JSESSIONID after successful login in a
callback servlet. I removed that because Keycloak itself is invalidating
the old session and assigning a new id.

Otherwise, to my surprise, after logging out the session from the Keycloak admin
console, the session remains active and I am still logged in to the application.

Any tip is appreciated.
Regards,
Juan


On Wed, Jan 31, 2018 at 12:20 PM Juan Pablo Perata <jpperata at gmail.com>
wrote:

> Hello,
>
> This issue seems application specific, but I could not get to the root of
> it yet.
>
> I would like to know if someone faced this in Keycloak Admin Console or
> some tips you could give me to see what is going on.
>
> *Environment*
> Web application running on Wildfly 10.1.0.Final and secured with Keycloak.
> Keycloak 3.4.3.Final server running in <IP>:<PORT1>
> Wildfly 10.1.0.Final server running in <IP>:<PORT2>
> *Description*
> Found that session logout from Keycloak admin does not have any effect for
> federated users in my web application.
> Steps:
> - develop your own user federation provider to connect to internal
> database (implements interfaces _UserStorageProvider,
> CredentialInputValidator, UserLookupProvider, OnUserCache_)
> - properly configure the user federation provider in the keycloak realm
> - configure and deploy a JSF based web OIDC client application in Wildfly
> secured by Keycloak
> - Go to: _<IP>:<PORT2>/<web-application_uri>_ and authenticate using
> federation provider
> Authentication succeeded
> - Go to Keycloak Console -> Realm -> Sessions -> (select web application
> client) -> Show sessions. Then select <user-authenticated> from displayed
> table -> "Sessions" tab
> - Click "Logout all sessions" or "Logout" the specific session. A success
> message is displayed and session disappears from table.
> - Go to _<IP>:<PORT2>/<web-application_uri>_ and check that session is
> still alive and user is authenticated.
> - Checked in a Filter in web application that
> "org.keycloak.KeycloakSecurityContext" security context is present with
> information from logged in user.
>
> *To note:*
> - (correct behaviour) If logout is performed from the web application, the single
> sign-on session is logged out properly (HttpRequest.logout()).
> - (correct behaviour) Tested behaviour with [product-portal sample |
> https://github.com/keycloak/keycloak/tree/master/examples/demo-template/product-app]
> application and *it works ok as expected*.
> Tested with users loaded in the "demo" JSON and also using my own user
> federation provider, and it works well.
>
> Thanks in advance,
> Juan
>
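As an added example (not code from the original post or from the Keycloak project), the filter below is the kind of diagnostic the message describes ("Checked in a Filter ... that KeycloakSecurityContext is present"), extended to log the two identifiers that matter when an admin-console logout is not reflected in the application: the container's JSESSIONID and the Keycloak session id carried in the token's session_state claim, together with the token expiry. Comparing these against the session listed under Realm -> Sessions before and after clicking "Logout" shows whether the application is still serving the same Keycloak session or merely a token that has not expired yet. It assumes a Servlet 3.x container such as Wildfly 10 and the Keycloak 3.x adapter classes (org.keycloak.KeycloakSecurityContext, org.keycloak.representations.AccessToken); the filter name and the logging via System.out are choices made for this illustration.

```java
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.keycloak.KeycloakSecurityContext;
import org.keycloak.representations.AccessToken;

/**
 * Added diagnostic filter (not from the original post). For every request it
 * logs the container session id (JSESSIONID), the Keycloak session id found in
 * the access token (session_state claim) and the token expiry, so that the
 * output can be compared with the session shown in the Keycloak admin console
 * before and after "Logout" / "Logout all sessions".
 */
@WebFilter(urlPatterns = "/*") // assumption: the whole application is behind the filter
public class SessionDiagnosticFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) {
        // nothing to configure
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;

        // Do not create a session as a side effect of diagnostics.
        HttpSession session = request.getSession(false);
        String jsessionId = session == null ? "-" : session.getId();

        // The Keycloak adapter stores the security context as a request attribute
        // keyed by the class name of KeycloakSecurityContext.
        KeycloakSecurityContext ctx = (KeycloakSecurityContext)
                request.getAttribute(KeycloakSecurityContext.class.getName());

        if (ctx == null) {
            System.out.println("[diag] " + request.getRequestURI()
                    + " JSESSIONID=" + jsessionId + " no KeycloakSecurityContext");
        } else {
            AccessToken token = ctx.getToken();
            // session_state is the Keycloak SSO session id; this is the value that
            // should disappear from Realm -> Sessions after the admin logout.
            System.out.println("[diag] " + request.getRequestURI()
                    + " JSESSIONID=" + jsessionId
                    + " realm=" + ctx.getRealm()
                    + " subject=" + token.getSubject()
                    + " session_state=" + token.getSessionState()
                    + " exp=" + token.getExpiration()
                    + " expired=" + token.isExpired());
        }

        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {
        // nothing to release
    }
}
```

If the log after the admin-console logout still shows the same session_state with expired=false, the application is serving a token that Keycloak no longer considers part of a live session, and the next thing to check is whether the adapter received the backchannel logout for that session id (the adapter's admin URL must be reachable from the Keycloak server) rather than the federation provider itself.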
