I’m trying to implement an Event Listener to forward login and logout events to our solution.
I’ve now realized that when a user is logged out from the admin, we only get an Admin event and no user event (type LOGOUT).
Is this possible to be generated? If necessary with different event type than the “user” LOGOUT?
Currently with the admin events, when the event triggers we no longer have access to any of its details besides the resource path (/sessions/), which is quite a limitation.
For some code entry points, I see that for normal logouts at AuthenticationManager::finishBrowserLogout the eventBuilder is created and passed to the LoginProtocol (I hope this is thread safe by the way).
But for the Admin logout, in AuthenticationManager::backchannelLogout, I don’t see any event being created.
I have a similar question.
I have a setup like this:
MyApp <=OIDC=> Keycloak <=SAML2=> Source_of_Users
and I am doing SSO (SingleSignOn) and SLO (SingleLogOut) between Source_of_Users (you can also see this discussion).
SLO is particularly important - when/if the user logs out from Source_of_Users, I want the user to be automatically logged out from MyApp. The users can also log out from MyApp and in this case I hit the OIDC logout endpoint, which logs the users out of Keycloak, which logs the users out of
So, when the user initiates the log out from the application, then I certainly see LOGOUT among “Login Events”. If the user initiates the log out from Source_of_Users, then I do not see them, as if the logout does not happen (although I do see that Source_of_Users hits the SAML2 logout endpoint at Keycloak). Is this because of backchannel logout?
How can I hook into the logout handler and do something upon users logging out?