Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-17653

Implement support frontchannel logout on openid-connect

    XMLWordPrintable

Details

    • Feature Request
    • Resolution: Done
    • Minor
    • 15.1.0
    • 13.0.0
    • Admin - Console, OIDC
    • None

    Description

      Frontchannel logout could be implemented on Keycloak as specified in Draft: OpenID Connect Front-Channel Logout 1.0 - draft 04

      Some relevant OIDC client implementations like mod_auth_oidc already support

      Initialized from https://groups.google.com/g/keycloak-dev/c/GZr-qL2cquE/m/QSneckXrBQAJ

      Suggested changes:

      • Add enum to LoginFormsPage to represent frontchannel transition page.
      • Add enum to filename mapping on keycloak/forms/login/freemarker/Templates.
      • Add createFrontchannelLogoutPage() interface to LoginFormsProvider.
      • Add createFrontchannelLogoutPage() implementation to FreeMarkerLoginFormsProvider.
      • Implement frontchannelLogout(UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) on OIDCLoginProtocol.
      • Alter finishLogout(UserSessionModel userSession) on OIDCLoginProtocol.
      • Show checkbox for frontchannel logout for OIDC protocol and add a text field for client attribute frontchannel_logout_url on theme/base/admin/resources/partials/client-detail.html
      • Create template theme/base/login/frontchannel-logout.ftl
      • Translations on theme/base/login/messages/messages_en.properties and theme/base/admin/messages/messages_en.properties

      Some work done:

      rhyamada/keycloak: Open Source Identity and Access Management For Modern Applications and Services (github.com)

       

      Including frontchannel logout Tests

      Attachments

        Issue Links

          is blocked by

          Bug - A problem which impairs or prevents the functions of the product. KEYCLOAK-15221 Backchannel Logout sid Claim not provided in ID Token

          • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
          • Closed
          is duplicated by

          Feature Request - Feature requests from customers and/or users KEYCLOAK-2939 OpenID Connect Front-Channel Logout

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          mentioned on

          GitLab Merge request - [KEYCLOAK-17653] - Front-channel logout

          GitLab Merge request - [KEYCLOAK-17653] - OIDC Frontchannel logout support

          Activity

            Public project attachment banner

              context keys: [headless, issue, helper, isAsynchronousRequest, project, action, user]
              current Project key: KEYCLOAK

              People

                psilva@redhat.com Pedro Igor Craveiro
                rhyamada Ronaldo Yamada (Inactive)
                Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: