OpenId Logout button using Keycloak

lgdd / openid-connect-single-button

A Liferay Fragment to configure and display and single "Sign in" button to an OpenId Connect Provider.

MIT License

0 stars 2 forks source link

OpenId Logout button using Keycloak #1

Closed imrushi closed 7 months ago

imrushi commented 2 years ago

Hi @lgdd , Thank you for making such a great example repository. I'd like to add a Logout/Sign Out button that will log the user out of SSO and prompt them for Keycloak authentication again when they log in.

Currently when the user logs in after that when he clicks on Liferay Sign Out. It is not signed out from SSO and again logged in without Authentication.

lgdd commented 2 years ago

Hi @imrushi ! Thanks for your kind words :)

Indeed, in this example, when logging out we close the Liferay session but not the Keycloak session. I believe that in order to do that, we would need a PostLogoutAction component calling Keycloak to close the session. A bit similar to what my colleague did here with a PostLoginAction to get the user-info from OIDC and map the attributes to the Liferay user.

I'll add the component with a configuration to choose to close or not both sessions.

Thanks for your feedback!

Shikatao commented 1 year ago

Hello, tell me, please, did you find a solution?

lgdd commented 7 months ago

See the ticket on Liferay Issues: https://liferay.atlassian.net/browse/LPD-412

lgdd commented 7 months ago

You should find the code you're looking for here: https://github.com/fabian-bouche-liferay/saml-user-group-mapping/blob/master/modules/oidc-logout/src/main/java/com/liferay/samples/fbo/oidc/logout/BackchannelLogoutServlet.java