Reputation: 1855
How to use the keycloak admin-url for OpenID logout requests
JBoss keycloak offers an admin url in the client settings, where you can react on logout push events or other events. Unfortunatly I cannot find any documentation about how to use this url? Can you give me a hint, if this is e.g. part of OpenID Spec or if a API Doc exists for this.
Especially I want to know how I can realise a client endpoint, which reacts on logout or revocation requests from the keycloak server.
- Documentation in KC about the Admin URL: http://keycloak.github.io/docs/userguide/keycloak-server/html/applicationClustering.html#admin-url-configuration
Thanks Christian
Upvotes: 10
Views: 7776
Answers (1)
Reputation: 5932
AFAIK the use of the Admin URL is Keycloak specific, and not part of Open ID Connect or OAuth.
I suppose you'll need to take a look at the code, i.e. PreAuthActionsHandler#handleRequest handles URLs ending with k_logout and k_push_not_before.
The easiest way to handle these events is to use a Keycloak client adapter. The adapter (available for Jetty, Tomcat and others) will automatically handle this for you. Just specify any URL of your deployed application and the client adapter will do the rest.
Upvotes: 1