0

I have two applications that are registered as client with Keycloak. First application is custom developed and uses spring security to handle the logout.

Code snippet for logout:

@Bean(name = "logoutFilter")
public LogoutFilter logoutFilter(AdapterDeploymentContext adapterDeploymentContext, KeycloakProperties keycloakProperties) {
    KeycloakLogoutHandler firstHandler = new KeycloakLogoutHandler(adapterDeploymentContext);
    SecurityContextLogoutHandler secondHandler = new SecurityContextLogoutHandler();
    AntPathRequestMatcher matcher = new AntPathRequestMatcher("/sso/logout**", HttpMethod.POST.toString());
    LogoutFilter filter = new LogoutFilter(keycloakProperties.getDefaultTargetLogoutUrl(), firstHandler, secondHandler);
    filter.setLogoutRequestMatcher(matcher);
    return filter;
}

Now user1 is logged in to app1, kibana and keycloak. If logout is clicked in app1, user1 is logged out of app1 & keycloak applications, but user1 session is still active for kibana and can access it without any issues.

My expectation is that when I click logout in app1, session should be terminated and user should be logged out of all sessions/applications.

Varun
  • 35
  • 1
  • 6

1 Answers1

0

if you have 2 clients like app1 and app2 in a realm like master, and you have user like deepak and have access to both clients. Now if you logout from app1 then both app1 and app2 clients will be logged out, because it is based upon user sessions and it is completely based on logout endpoint .

sekhar gottapu
  • 1
  • 2
  • As I already mentioned in question, clients and users belong to same realm. Kibana doesn't seem to support single logout with back channel logout, though it support front-channel there may be limitations if administrator implements browser settings https://discuss.elastic.co/t/single-logout-using-kibana-and-keycloak/216094 – Varun Jun 02 '23 at 13:09