Now I need to upgrade Keycloak to a newer version; I am trying to upgrade to 18.0.2 (legacy version). However, the newer version complies with the OIDC Back-Channel Logout standard and has a separate config parameter under the client configuration for back-channel logout, separate from the admin URL. The problem is that my clustered system doesn't work with this: the back-channel logout parameter doesn't support ${application.session.host} in the URL. Consequently, the back-channel functionality breaks. Moreover, the Servlet Filter adapter implementation from Keycloak doesn't support handling back-channel logout, as far as I know. I have implemented my own library to handle the back-channel call: validating things as per the standard and logging out the appropriate session. For this purpose, the library stores sessions in an application-scoped bean. In a single-node deployment of the application, everything works, but I don't have a solution from Keycloak for multi-node application deployment, because Keycloak wouldn't know which node the back-channel logout request should go to, considering that the application deployment on each node is independent and client request distribution is configured with sticky sessions.
One solution is to use Payara's built-in Hazelcast data grid to store the web sessions; then any node should be able to handle the back-channel logout call across the cluster.
But I am interested to know if Keycloak has any solution for this.
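The node-independent handling described in the post, as an added example that is not part of the original post and is not Keycloak or Payara code: it checks the logout-token claims named in OpenID Connect Back-Channel Logout 1.0 and records the `sid` in a map that every node consults per request. The class name, issuer URL, client id and sample claims are constructed, signature verification is assumed to have happened already, and the map is assumed to be cluster-shared (a local `ConcurrentHashMap` stands in for it).

```java
import java.util.Collection;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class BackchannelLogoutExample {
    static final String LOGOUT_EVENT = "http://schemas.openid.net/event/backchannel-logout";

    // Assumption: in a cluster this map is shared by all nodes (for example a data grid map),
    // so whichever node receives the logout call can record it. Local map used here to run stand-alone.
    private final Map<String, Long> loggedOutSids = new ConcurrentHashMap<>();
    private final String issuer;
    private final String clientId;

    BackchannelLogoutExample(String issuer, String clientId) {
        this.issuer = issuer;
        this.clientId = clientId;
    }

    // Checks the claims of a logout token whose signature was already verified, then records its sid.
    String handleLogoutToken(Map<String, Object> claims, long nowEpochSec) {
        if (!issuer.equals(claims.get("iss"))) throw new SecurityException("iss mismatch");
        Object aud = claims.get("aud"); // aud may be a single string or an array
        boolean audOk = aud instanceof Collection ? ((Collection<?>) aud).contains(clientId) : clientId.equals(aud);
        if (!audOk) throw new SecurityException("aud mismatch");
        if (!(claims.get("iat") instanceof Number)) throw new SecurityException("iat missing");
        if (!(claims.get("jti") instanceof String)) throw new SecurityException("jti missing");
        if (claims.containsKey("nonce")) throw new SecurityException("nonce is prohibited in a logout token");
        Object events = claims.get("events");
        if (!(events instanceof Map) || !((Map<?, ?>) events).containsKey(LOGOUT_EVENT))
            throw new SecurityException("not a back-channel logout event");
        Object sid = claims.get("sid"); // the spec allows sub without sid; this example needs sid
        if (!(sid instanceof String)) throw new SecurityException("sid missing");
        loggedOutSids.put((String) sid, nowEpochSec);
        return (String) sid;
    }

    // Per-request check for each node's filter: true means invalidate the local HttpSession.
    boolean isLoggedOut(String sid) { return sid != null && loggedOutSids.containsKey(sid); }

    public static void main(String[] args) {
        // Constructed sample claims, shaped like a decoded logout token.
        BackchannelLogoutExample handler = new BackchannelLogoutExample("https://idp.example/realms/demo", "my-app");
        Map<String, Object> claims = Map.of("iss", "https://idp.example/realms/demo", "aud", "my-app",
                "iat", 1700000000L, "jti", "constructed-jti-1", "sid", "constructed-sid-1",
                "events", Map.of(LOGOUT_EVENT, Map.of()));
        String sid = handler.handleLogoutToken(claims, 1700000005L);
        System.out.println(sid + " logged out: " + handler.isLoggedOut(sid));
        System.out.println("other-sid logged out: " + handler.isLoggedOut("other-sid"));
    }
}
```

With sticky sessions, the node holding the session invalidates it on that session's next request, so the logout takes effect lazily rather than at the moment the back-channel call arrives.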