cannot trigger single logout
Cannot configure keycloak to do back-channel single logout.
I do single login as the same user via two clients.
Then I try to do single logout from the cas1 client.
But Keycloak does not send a POST to the cas2 client.
That is, Keycloak does not call backchannelLogout: https://github.com/jacekkow/keycloak-protocol-cas/blob/master/src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java#L133
Am I missing some parts, or does this project not support SLO?
Sorry, it's my mistake. I run Keycloak in Docker with a bridged network (by default), and the back-channel logout is blocked. When I run the Keycloak Docker container in host network mode, SLO works.
But there is a side problem. The original logout is not answered with a redirect.
That is, when I log out from cas1, Keycloak posts SLO to cas1 and cas2, but does not respond to cas1 directly. This is different from the SAML provider.