Open rizerzero opened 3 years ago
+1 on this.
Even when a user signs out of the identify provider, the subdomain sessions that had been previously authenticated with traefik-forward-auth remain active for the configured $LIFETIME (default of 43200 seconds)
@thomseddon, could you help clarify whether this is intended (possibly worth mentioning in the readme of the project).
Hi guys, I'm opening an issue again because I still did not manage to make the single signout work.
I have a setup like this :
staging.sub.app.domain.com
=> vue appstaging.doc.app.domain.com
=> Mkdocssso.domain.com
=> keycloakThe documentation is built with Mkdocs (static HTML). which I want to secure with traefik-forward-auth. with the configuration below, I can log in to
staging.doc.app.domain.com
and will be logged instaging.sub.app.domain.com
too, but if I log out from my app (staging.sub.app.domain.com
), then I'm not logged out from the doc (staging.doc.app.domain.com
). it seems like the token is revoked remotely but locally it's still existingI have noticed that in the cookie, the domain name for my vue app is
sso.domain.com
but in the cookie of the documentation, is.staging.doc.app.domain.com
I have set the env variable COOKIE_DOMAIN tosso.domain.com
but this did not change anything the domain is always for.staging.doc.app.domain.com
Thank you.