Closed solsson closed 8 years ago
Cache type server-cache:persistent
(see https://github.com/Reposoft/openidc-keycloak-test/commit/8e0b2e8ebd5192003cbda7f926ee38f3ad269797) works very well with Keycloak's "Remember Me" checkbox (a realm setting enables it on the login page). This increases the need for working logout. Unlike with google accounts there is no other place for users to log out when using Keycloak.
My guess is that Keycloak actually logs out the user, but the session isn't automatically invalidated in mod_auth_openidc.
It has zero effect on authentication to click the "Log out" URL in http://openidc/protected/.
The log out URL is according to http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#d4e1398