Keycloak Logout - session timeout

Hi Everyone,
I am using keycloak as server side Authenticator. I need to achieve auto logout feature i.e show a pop-up to the user when his session is about to expire.
I know for client side we have a javascript adapter.

But since we are doing a server side authentication I am following the below approach
–> I am using a check_session_iframe url shared by keycloak. As per the doc this is the url
–> This is the content inside login-status-iframe.html
–> I am able to post a message to the Iframe but when I debugged the isssue I found that the below url
https://{}/auth/realms/dev/protocol/openid-connect/login-status-iframe.html/init?client_id={MyClientId}&origin={} is giving a 403 Forbidden Error

Below is a part of the code from the Iframe (http://Login-Status-Iframe-Url)

if (!init) {
var req = new XMLHttpRequest();

        var url = location.href.split("?")[0] + "/init";
        url += "?client_id=" + encodeURIComponent(clientId);
        url += "&origin=" + encodeURIComponent(origin);'GET', url, true);

        req.onreadystatechange = function () {
            if (req.readyState === 4) {

==>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>It’s failing here, status is 403
if (req.status === 204 || req.status === 1223) {
init = {
clientId: clientId,
origin: origin

Any help is deeply appreciated. Thanks In advance


Same problem here. Any ideas ?

So the Iframe can be polled only when both the RP and OP use https protocol.
with RP in http and OP in https it will not work.
Both should have a valid SSL certificate.
Hope this helps.