Reposoft / openidc-keycloak-test

zmartzone/mod_auth_openidc and keycloak combined - self hosted cloud auth

Fails to log out #1

Closed by solsson 8 years ago

solsson commented 8 years ago

It has zero effect on authentication to click the "Log out" URL in http://openidc/protected/.

The log out URL is according to http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#d4e1398

solsson commented 8 years ago

Cache type server-cache:persistent (see https://github.com/Reposoft/openidc-keycloak-test/commit/8e0b2e8ebd5192003cbda7f926ee38f3ad269797) works very well with Keycloak's "Remember Me" checkbox (a realm setting enables it on the login page). This increases the need for working logout. Unlike with Google accounts, there is no other place for users to log out when using Keycloak.

My guess is that Keycloak actually logs out the user, but the session isn't automatically invalidated in mod_auth_openidc.