Closed SebastianKuehnau closed 3 months ago
Thanks for reporting this! Can you verify if Keycloak reaches out to the app URL when the session is invalidated? If it does, what's the app response?
This is the filter that handles Back-Channel Logout requests. If you set a breakpoint in the doFilter method, is it hit when the request is handled?
The doFilter method is not called when I invalidate the session on Keycloak manually.
Here is a very simple example project repository (with Docker) to reproduce the issue. https://github.com/SebastianKuehnau/sso-demo
The doFilter method is not called when I invalidate the session on Keycloak manually.
Can you verify if the request is sent by Keycloak to the configured Back-Channel Logout URL? In your case that would be:
http://10.10.2.175:8080/logout/back-channel/keycloak
If it's sent and received, the response code to that request would be of great help to understand what's happening. You can use tcpflow to debug the requests, e.g.
tcpflow -i lo0 -c -g port 8080
After disabling the front channel logout the issue no longer occurs.
Thank you for your support and prompt response.
This ticket can be closed.
I have a Vaadin 24 application with SSO Kit and a properly configured Keycloak server. After signing out an existing session on Keycloak, the Vaadin application is not automatically logging out and the user can navigate through the application.
The configuration of Keycloak has been done according to the documentation (https://vaadin.com/docs/latest/tools/sso/integrations/keycloak#configuring-access-logout-settings).
The issue seems to appear starting from Vaadin 24.3.0. In older versions it works properly.