According to Keycloak docs “When logout from Keycloak is triggered, Keycloak will send a request to the external identity provider that was used to login to Keycloak, and the user will be logged out from this identity provider as well” (https://www.keycloak.org/docs/7.0/server_admin/#identity-broker-logout).
However, in our app we are unable to log out of the IDP even though we are able to log out of our app. We have SSO with Google and Microsoft configured with default IDPs, and for both the behaviour we see is that after an initial login the user gets into the app with only a username (no password, no account selection). It ony asks for password or account selection after logging out of Google or Microsoft directly in the browser.
In fact, we don’t even see the session end. Any ideas?