Backchannel logout when using "Logout all" in the Admin Console

Hello.

I am using backchannel logout in order to ensure that users cannot use tokens of session that were manually ended before they expire.
The backchannel logout request gets sent whenever a user cancels the session himself or when a specific session is cancelled in the Admin Console.
However, it does not seem to be sent when using the “Logout all” functionality of the realm which is a security risk if I understand that correctly.
Is this expected behaviour? Is there a way to send backchannel logout requests that I did not see?

~ Lukas

1 Like