Hello everyone,
we are extending Keycloak in our application, and for our use case I would like to trigger a backchannel logout in a realm for a user that is linked to another user in another realm. However, AuthenticationManager.backchannelLogoutUserFromClient does not seem to end the session in the target realm. Could you tell me what I am doing wrong? Or how I could possibly debug this issue or get more feedback or information?
I am using Keycloak 15.0.2, and this is my code, which is triggered on a logout event:
    private void handleLogoutEvent(Event event) {
        if (event.getType() == EventType.LOGOUT) {
            // Get the current realm of the logout event
            RealmModel realm = session.realms().getRealm(event.getRealmId());
            // Get the user initiating the logout
            UserModel user = session.users()
                    .getUsersStream(realm)
                    .filter(userModel -> Objects.equals(userModel.getId(), event.getUserId()))
                    .findFirst()
                    .orElse(null);
            // Get the target realm
            RealmModel targetRealm = session.realms().getRealmByName(TARGET_REALM_NAME);
            // Get the target user -> We select the user in the target realm who has a federated identity with the same username as the user initiating the logout
            UserModel targetUser = session.users().getUsersStream(targetRealm).filter(userModel -> {
                Stream<FederatedIdentityModel> federatedIdentitiesStream = session.users().getFederatedIdentitiesStream(targetRealm, userModel);
                return federatedIdentitiesStream.anyMatch(federatedIdentityModel -> federatedIdentityModel.getUserName().equals(user.getUsername()));
            }).findFirst().orElse(null);
            if (targetRealm != null && targetUser != null) {
                ClientModel targetClient = targetRealm.getClientByClientId(CLIENT_NAME);
                // Initiate backchannelLogout for this user that should initiate a backChannel logout for every provider
                AuthenticationManager.backchannelLogoutUserFromClient(session, targetRealm, targetUser, targetClient,
                        session.getContext().getUri(), session.getContext().getRequestHeaders());
            }
        }
    }