Java Tomcat SAML Adaptor: What happens to saml auth session when client browser is closed?

kevin7edward · March 23, 2022, 11:57am

Hello,

We implemented the Keycloak 16.0.1 Java Tomcat Saml Adaptor in our web application. Seems to work, we see good saml auth with our ADFS IDP.

QUESTION What is supposed to happen when the client browser completes a successful saml auth for a protected URL, and then the user closes their web browser and then reopens? Isn’t the session destroyed in the browser? Shouldn’t the keycloak adaptor require re-auth via saml when the browser trys to go the same proteced URL?

Topic		Replies	Views
Keycloak Adaptor +ADFS idp, and Tomcat== web.xml roles seem to be ignored !?	0	323	April 29, 2022
Client adapter for Tomcat 10 adapter-java	3	1277	February 20, 2023
Removing Keycloak session after SAML Logout Getting advice saml	14	13001	July 22, 2020
SAML global logout and session id cookie with the generic servlet filter Securing applications saml	1	1846	January 7, 2021
Still have to login on OpenID client after sucessfull login on SAML client Configuring the server oidc , saml	6	1247	November 27, 2020

Java Tomcat SAML Adaptor: What happens to saml auth session when client browser is closed?

Related Topics