I have a similar question.
I have a setup like this:
MyApp <=OIDC=> Keycloak <=SAML2=> Source_of_Users
and I am doing SSO (SingleSignOn) and SLO (SingleLogOut) between MyApp
and Source_of_Users
(you can also see this discussion)
SLO is particularly important - when/if the user logs out from Source_of_Users
, I want the user to be automatically logged out from MyApp
. The users can also log out from MyApp
and in this case I hit OIDC logout endpoint, which logs the users out of Keycloak, which logs the users out of Source_of_Users
So, when the user initiates the log out from the application, then I certainly see LOGOUT
amount “Login Events”. If the user initiates the log out from Source_of_Users
, then i do not see them as would the logout does not happen (although i do see that Source_of_Users
hits SAML2 logout endpoint at Keycloak
). Is this because of backchannel logout?
How can I hook into the logout handler and do something upon users logging out?