identity brokering and single logout


Francesco Corbetta

May 31, 2023, 9:32:40 AM
to keyclo...@googlegroups.com
Hello keycloak community

I'm trying to set up the following configuration:

- one keycloak instance, with one realm, and its clients
- another keycloak instance, with one realm, and its clients.

Of course, it could be one single instance with two realms but this is
not important.
The two realms are in a bidirectional brokering configuration, i.e.
users can log in to one realm or to the other realm and they can
seamlessly move from clients to the other realm thanks to some
redirection tricks.
Clients are implementing SAML SingleLogout or OpenID backchannel
logout and everything works fine *but just for a single realm*. I
could not find a way to send the logout request to the other realm,
when it acts as a client for the realm.
I read the admin documentation
https://www.keycloak.org/docs/21.1.1/securing_apps/#logout but, to be
honest, I don't understand it.
When I perform a logout, the keycloak log shows:
Some clients have been not been logged out for user xxxxx in
federation realm: realm1
or vice versa.

Any hints from the community?

Best

Francesco

SadaShiv Dash

May 31, 2023, 9:38:23 AM
to Francesco Corbetta, keyclo...@googlegroups.com
Hello Francesco,

If I understood correctly, you have two Keycloak (KC) instances, one KC as SP and another Keycloak as IdP. In Keycloak, they only support SP-initiated logout from the backend, while IdP-initiated single logout is not supported.




Best Regards
Sada Shiv Dash


