I have a question regarding backchannel logout when using multiple application instances.
Say you have an application with two instances (A and B) behind a reverse proxy. You create a client for the application in Keycloak, and set the admin URL to point to the reverse proxy. Then, consider:
- The user gets a session to instance A
- The user logs out from another application
- Keycloak performs backchannel logout against the loadbalancer, but reaches instance B
- Instance B does nothing since it does not have a session with the user. The session in instance A is still there.
How do you achieve single logout with backchannel when you have multiple application instances?