I have a setup like this:
MyApp <=OIDC=> Keycloak <=SAML2=> Source_of_Users
and I am doing SSO (SingleSignOn) and SLO (SingleLogOut) between MyApp and Source_of_Users.
SLO is particularly important - when/if the user logs out from Source_of_Users, I want the user to be automatically logged out from MyApp. If user does not log out from Source_of_Users, I do not worry about this.
I have implemented the polling scenario where MyApp periodically polls KeyCloak to see if the user is still logged in but I want to avoid polling and get Keycloak proactively notify MyApp when/if users logs out from Source_of_Users. That’s why I am developing this JavaScript authenticator. Hope I am on the right track.
Thanks for the tip about client logout actions.