Before reporting an issue
Area
oidc
Describe the bug
I have a setup where I use Keycloak as an OIDC adapter for a SAML IdP ( https://dev.solita.fi/2024/10/11/keycloak-suomifi-from-scratch.html ). Single Log-Out does not work correctly.
A logout request on a SAML ServiceProvider does get trasmitted to Keycloak, and the session is terminated, but keycloak does not deliver the logout request to the OIDC client, which ends up keeping a session alive.
Version
26.1.0
Regression
Expected behavior
- Login via OIDC RP
- Login via SAML SP
- Logout via SAML SP
- Logout is communicated to OIDC RP
- No session on SAML SP, no session on Keycloak, no session on OIDC RP
Actual behavior
- Login via OIDC RP
- Login via SAML SP
- Logout via SAML SP
- Logout is not communicated to OIDC RP
- Session alive on OIDC RP, no session on SAML SP, no session on Keycloak
How to Reproduce?
SAML IdP
OIDC client
login using OIDC RP, login using SAML SP, logout using SAML SP
Anything else?
Is this supposed to work? There are some tickets, but relevant ones seem solved.
Before reporting an issue
Area
oidc
Describe the bug
I have a setup where I use Keycloak as an OIDC adapter for a SAML IdP ( https://dev.solita.fi/2024/10/11/keycloak-suomifi-from-scratch.html ). Single Log-Out does not work correctly.
A logout request on a SAML ServiceProvider does get trasmitted to Keycloak, and the session is terminated, but keycloak does not deliver the logout request to the OIDC client, which ends up keeping a session alive.
Version
26.1.0
Regression
Expected behavior
Actual behavior
How to Reproduce?
SAML IdP
OIDC client
login using OIDC RP, login using SAML SP, logout using SAML SP
Anything else?
Is this supposed to work? There are some tickets, but relevant ones seem solved.