Back Channel Logout #558
Replies: 1 comment
-
Keycloak OIDC backchannel logout has slight spec non-compliance: keycloak/keycloak#7357 (ID tokens are missing If your Keycloak has
IIRC, you won't see "Script Mapper" type at all if you don't have both features enabled (https://stackoverflow.com/questions/53390134/keycloak-script-authenticator-missing). Also, mod_auth_openidc 2.3.3 is a bit too old; backchannel logout support requires at least 2.3.9 - https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.3.9. |
Beta Was this translation helpful? Give feedback.
-
I am currently using Keycloak 12.02, which apparently supports OIDC back channel logout. The attached image is a client using OIDC.
I am using mod-auth-openidc 2.3.3 on Ubuntu 18.04
Is it possible to get back channel logouts to work? I can get the regular logout to work with the browser using the redirect url along with the logout get parameter where the redirect url is a passed to Keycloak (OP). It would be great if the back channel worked, so we could log out users directly from the OP or via other sessions that have initiated a logout for the same user.
Beta Was this translation helpful? Give feedback.
All reactions