[keycloak-user] Keycloak sso logout

Robert . robert.discussions at gmail.com
Mon Jun 18 04:51:28 EDT 2018


I have been having problems with the Keycloak sso logout functionality in
Keycloak 3.4.3.
Previously I have tested the single sign-out functionality in Keycloak
2.4.0, and did not experience such problems.

I have debugged the issue in 3.4.3 and noticed that the sessionCreated
method in HttpSessionManager is never
called. This means that no http session is invalidated in the logout
methods.

To fix this I have created my own HttpSessionManager based on a Spring
ApplicationListener.and registered it as a
listener in my web.xml.
I would like to know if this is a known issue. Has this been fixed in
4.0.0? Can it also be fixed in a 3.4.4 version?

public class MyHttpSessionManager extends HttpSessionManager implements
ApplicationListener<ApplicationEvent> {

  @Override
  public void onApplicationEvent(ApplicationEvent event) {
    if (event instanceof HttpSessionCreatedEvent) {
      HttpSession session = ((HttpSessionCreatedEvent) event).getSession();
      HttpSessionEvent creationEvent = new HttpSessionEvent(session);
      this.sessionCreated(creationEvent);
    }
  }
}


More information about the keycloak-user mailing list