Varun Kancharla

Reputation: 117

Keycloak: Logout from client application doesn't logout user from Kibana

I have two applications that are registered as clients with Keycloak. The first application is custom developed and uses Spring Security to handle the logout.

Code snippet for logout:

@Bean(name = "logoutFilter")
public LogoutFilter logoutFilter(AdapterDeploymentContext adapterDeploymentContext, KeycloakProperties keycloakProperties) {
    // Keycloak adapter handler: logs the user's session out at Keycloak
    KeycloakLogoutHandler firstHandler = new KeycloakLogoutHandler(adapterDeploymentContext);
    // Spring Security handler: invalidates the local HTTP session and clears the SecurityContext
    SecurityContextLogoutHandler secondHandler = new SecurityContextLogoutHandler();
    // Only POST requests to /sso/logout** trigger the logout
    AntPathRequestMatcher matcher = new AntPathRequestMatcher("/sso/logout**", HttpMethod.POST.toString());
    LogoutFilter filter = new LogoutFilter(keycloakProperties.getDefaultTargetLogoutUrl(), firstHandler, secondHandler);
    filter.setLogoutRequestMatcher(matcher);
    return filter;
}

Now user1 is logged in to app1, Kibana and Keycloak. If logout is clicked in app1, user1 is logged out of the app1 and Keycloak applications, but user1's session is still active for Kibana and user1 can access it without any issues.

My expectation is that when I click logout in app1, the session should be terminated and the user should be logged out of all sessions/applications.

Upvotes: 0

Views: 498

Answers (1)

sekhar gottapu

Reputation: 1

If you have 2 clients like app1 and app2 in a realm like master, and you have a user like deepak who has access to both clients, then if you log out from app1, both the app1 and app2 clients will be logged out, because it is based upon user sessions and it is completely based on the logout endpoint.

Upvotes: 0
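As an added illustration (not code from the question, the answer, Keycloak or Kibana): a client that keeps its own session cookie only drops that session when it acts on a logout notification from the identity provider, which is what an OpenID Connect back-channel logout token is for. The sketch below models the client side under stated assumptions: the class name, the session map and the sample session ids are hypothetical, and the token's signature, issuer and audience are assumed to have been verified already.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Simplified model of a relying party that keeps its own session store. */
public class BackchannelLogoutDemo {
    // Event name defined by the OpenID Connect Back-Channel Logout specification
    static final String LOGOUT_EVENT = "http://schemas.openid.net/event/backchannel-logout";

    // local session cookie value -> identity provider session id ("sid" claim)
    final Map<String, String> localSessions = new ConcurrentHashMap<>();

    /**
     * Claims are assumed to come from a logout token that already passed
     * signature, issuer and audience checks. Returns the number of local
     * sessions that were terminated.
     */
    int handleLogoutToken(Map<String, Object> claims) {
        Object events = claims.get("events");
        if (!(events instanceof Map) || !((Map<?, ?>) events).containsKey(LOGOUT_EVENT)) {
            throw new IllegalArgumentException("not a logout token");
        }
        if (claims.containsKey("nonce")) {
            throw new IllegalArgumentException("a logout token must not carry a nonce");
        }
        Object sid = claims.get("sid");
        if (!(sid instanceof String)) {
            throw new IllegalArgumentException("this sketch only handles tokens with a sid claim");
        }
        int before = localSessions.size();
        localSessions.values().removeIf(sid::equals); // drop every local session bound to that sid
        return before - localSessions.size();
    }

    public static void main(String[] args) {
        BackchannelLogoutDemo client = new BackchannelLogoutDemo();
        client.localSessions.put("cookie-abc", "kc-session-1"); // constructed sample: user1
        client.localSessions.put("cookie-def", "kc-session-2"); // constructed sample: another user

        // Logout in app1 ends kc-session-1 at the identity provider only;
        // nothing has told this client yet, so cookie-abc is still accepted.
        System.out.println("before notification: " + client.localSessions.keySet());

        Map<String, Object> claims = Map.of(
                "sid", "kc-session-1",
                "events", Map.of(LOGOUT_EVENT, Map.of()));
        int removed = client.handleLogoutToken(claims);
        System.out.println("removed " + removed + ", remaining: " + client.localSessions.keySet());
    }
}
```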
