Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


0 votes
532 views
in Technique[技术] by (71.8m points)

java - Single Logout not working with multiple SP - Spring Security SAML

I have a Springboot app acting as an SP, built by following this example. Below is my use case -

  1. Using Keycloak as an IDP.
  2. Launched SP-1 at port 3030 having EntityId login-app-one.
  3. Launched SP-2 at port 4040 having EntityId login-app-two.
  4. Registered these two instances in Keycloak as two clients in the same realm named demo.
  5. Created a dummy user in Keycloak.
  6. Logged in to SP-1 successfully.
  7. Logged in to SP-2 successfully.
  8. I can see two sessions created in Keycloak admin console.
  9. Tried Global Logout from SP-1, Keycloak sessions are still active.
  10. Tried Global Logout from SP-2, Keycloak sessions are still active.
  11. Sometimes, doing a Global logout from SP-2 lands me on SP-1 after redirection from Keycloak. This is weird. (Found the reason for this behaviour, see my update below)

An important thing to note here is that if I have a single SP logged in, the Global logout works fine. I'm trying to achieve simple SSO and SLO using multiple SPs but it does not work.

I suspect the problem is with my Spring SAML app. I don't see any errors on the Springboot console.

Update:

  1. SLO is working well if the Springboot app is hosted on some domain. I deployed two instances of my Springboot app and the Keycloak server on a docker container (using https://labs.play-with-docker.com/). So now the question is why it doesn't work on localhost.
  2. Logging out SP-1 lands me on SP-2 because the Front Channel Logout option was enabled in the client settings in my Keycloak server. Because of this, Keycloak logs out all the clients one by one through a browser redirect.
Question from: https://stackoverflow.com/questions/65834833/single-logout-not-working-with-multiple-sp-spring-security-saml


1 Reply

0 votes
by (71.8m points)
Waiting for answers
