Unable to perform Keycloak single logout


I have two applications, let's say App1 and App2. App1 is protected using mod_auth_openidc, and App2 is hosted on WildFly and protected using the Keycloak-specific Java adapter. SSO works fine on both applications. However, the problem occurs in the case of logout. When I perform a logout from App1, both applications are redirected to login on the next request (as expected). However, when I perform a logout on App2, App1 still works as normal rather than asking for login again on the next request.

As per the Keycloak documentation, the Admin URL shall be set for a particular client so that it can be used by the Keycloak server to send backend requests to the application for various tasks, like logging out users or pushing revocation policies.

From the Apache logs, I cannot see any back-end request generated by Keycloak for the logout performed from App2. If I generate the logout from the Keycloak admin utility, then the Apache logs show a POST action for k_logout.

I think I am missing some configuration, but I don't know what. Any idea/help in this regard will be much appreciated. Many thanks.

Further details:

App1 - Django-based web application. This is hosted using Apache and protected using mod_auth_openidc. The Apache and mod_auth_openidc configurations are given below.

App2 - Spring MVC (Java). This is deployed on WildFly and is protected using the Keycloak adapter (as per the procedure mentioned here).

Keycloak configurations - Both applications are configured in Keycloak using the settings described here.

Apache and mod_auth_openidc configurations are:

WSGIDaemonProcess myproject python-home=path_to_v_env  python-path=path_to_python
WSGIProcessGroup myproject
WSGIScriptAlias / path_to_wsgi.py

OIDCProviderMetadataURL http://keycloak_domain/auth/realms/demo/.well-known/openid-configuration
OIDCRedirectURI http://domain_name/testapp
OIDCCryptoPassphrase random4321
OIDCClientID testapp
OIDCClientSecret client_secret
OIDCDefaultLoggedOutURL http://domain_name/
OIDCScope "openid email profile"
<Location /testapp/>
     AuthType openid-connect
     Require valid-user
</Location>

The versions of different systems in use are:

  1. mod_auth_openidc 2.3.7
  2. Apache 2.4.34
  3. Ubuntu 16.4
  4. Keycloak 4.2.1