vaadin / sso-kit


Backchannel-Logout is not working in Vaadin +24.3.0 #154

Closed SebastianKuehnau closed 3 months ago

SebastianKuehnau commented 3 months ago

I have a Vaadin 24 application with SSO Kit and a properly configured Keycloak server. After signing out an existing session on Keycloak, the Vaadin application is not automatically logged out and the user can still navigate through the application.

The configuration of Keycloak has been done according to the documentation (https://vaadin.com/docs/latest/tools/sso/integrations/keycloak#configuring-access-logout-settings).


The issue seems to appear starting from Vaadin 24.3.0. In older versions it works properly.

heruan commented 3 months ago

Thanks for reporting this! Can you verify if Keycloak reaches out to the app URL when the session is invalidated? If it does, what's the app response?

This is the filter that handles Back-Channel Logout requests. If you set a breakpoint in the doFilter method, is it hit when the request is handled?

https://github.com/vaadin/sso-kit/blob/881b844ff5a38fa692f37ed32e6f0007a37131e4/sso-kit-core/src/main/java/com/vaadin/sso/core/BackChannelLogoutFilter.java#L96

SebastianKuehnau commented 3 months ago

The doFilter method is not called when I invalidate the session on Keycloak manually.

Here is a very simple example project repository (with Docker) to reproduce the issue. https://github.com/SebastianKuehnau/sso-demo

heruan commented 3 months ago

> The doFilter method is not called when I invalidate the session on Keycloak manually.

Can you verify if the request is sent by Keycloak to the configured Back-Channel Logout URL? In your case that would be:

http://10.10.2.175:8080/logout/back-channel/keycloak

If it's sent and received, the response code to that request would be of great help to understand what's happening. You can use tcpflow to debug the requests, e.g.

```
tcpflow -i lo0 -c -g port 8080
```
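
The check heruan is asking for, written out as an added example (this is not sso-kit code nor anything from the thread's participants): given a raw HTTP request captured on port 8080, confirm it is a POST to the Back-Channel Logout path from the thread and that the `logout_token` form parameter carries the claims OpenID Connect Back-Channel Logout 1.0 (section 2.4) requires. The sample request is constructed inline and its token is unsigned (`alg` `none`) purely so the script runs offline; a real Keycloak logout token is RS256-signed and the filter verifies that signature against the realm's JWKS, which this script deliberately does not do. The function names and the `10.10.2.175:8080` host are assumptions taken from the thread.

```python
"""Offline sanity check of an OIDC Back-Channel Logout request as Keycloak
would POST it to the sso-kit endpoint (added example, not project code)."""
import base64
import json
from urllib.parse import parse_qs

# Path the sso-kit filter listens on, as quoted earlier in this thread.
BACKCHANNEL_PATH = "/logout/back-channel/keycloak"
# Event URI that MUST appear in the logout token's "events" claim.
BACKCHANNEL_EVENT = "http://schemas.openid.net/event/backchannel-logout"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_unsigned_logout_token(claims: dict) -> str:
    # Unsigned on purpose: keeps the example offline. Keycloak signs with RS256.
    header = b64url(json.dumps({"alg": "none", "typ": "logout+jwt"}).encode())
    payload = b64url(json.dumps(claims).encode())
    return f"{header}.{payload}."


def build_sample_request(claims: dict, path: str = BACKCHANNEL_PATH) -> str:
    """Constructed capture of what tcpflow would show for Keycloak's POST."""
    body = "logout_token=" + make_unsigned_logout_token(claims)
    return (
        f"POST {path} HTTP/1.1\r\n"
        "Host: 10.10.2.175:8080\r\n"  # assumed app host from the thread
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n\r\n{body}"
    )


def parse_request(raw: str) -> tuple[str, str, dict]:
    """Split a raw HTTP/1.1 request into (method, path, form fields)."""
    head, _, body = raw.partition("\r\n\r\n")
    method, path, _ = head.split("\r\n")[0].split(" ", 2)
    form = {k: v[0] for k, v in parse_qs(body).items()}
    return method, path, form


def check_backchannel_logout(raw: str) -> list[str]:
    """Return a list of problems; an empty list means the request is shaped
    like a logout the BackChannelLogoutFilter could act on."""
    problems = []
    method, path, form = parse_request(raw)
    if method != "POST":
        problems.append(f"method {method}, expected POST")
    if path != BACKCHANNEL_PATH:
        problems.append(f"path {path}, filter listens on {BACKCHANNEL_PATH}")
    token = form.get("logout_token")
    if not token:
        return problems + ["missing logout_token form parameter"]
    try:
        claims = json.loads(b64url_decode(token.split(".")[1]))
    except (ValueError, IndexError):
        return problems + ["logout_token is not a JWT"]
    # Required claims per OIDC Back-Channel Logout 1.0, section 2.4.
    for claim in ("iss", "aud", "iat", "jti"):
        if claim not in claims:
            problems.append(f"missing claim {claim}")
    if "sub" not in claims and "sid" not in claims:
        problems.append("need sub or sid to know which session to end")
    if BACKCHANNEL_EVENT not in claims.get("events", {}):
        problems.append("events claim lacks the backchannel-logout event")
    if "nonce" in claims:
        problems.append("nonce must not be present in a logout token")
    return problems


if __name__ == "__main__":
    sample = build_sample_request({
        "iss": "http://keycloak:8180/realms/demo", "aud": "vaadin-app",
        "iat": 1716900000, "jti": "c0ffee", "sid": "session-1",
        "events": {BACKCHANNEL_EVENT: {}},
    })
    print(check_backchannel_logout(sample) or "request looks well-formed")
```

If the capture shows no such POST at all, Keycloak never called the endpoint and the problem is on the Keycloak side (client logout settings), not in the filter; if the POST is there, the app's response status is the next thing to look at.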
SebastianKuehnau commented 3 months ago

After disabling the front-channel logout, the issue no longer occurs.

Thank you for your support and prompt response.

This ticket can be closed.