I’m using Keycloak with OpenID Connect. It seems to me that the behaviour of the OpenID logout endpoint has changed between Keycloak version 9.0.0 and 9.0.2.
With version 9.0.0 the logout was working correctly: the user was logged out, and redirected to the URI provided as parameter of the logout request (I fill the parameters according to the OpenID specification described here).
Instead, with version 9.0.2 the user is redirected to a Keycloak page stating “Session not active”. If I come back to the home page of my application, the user enters without any login, since the session seems to be still valid.
Does version 9.0.2 requires some additional configuration for the logout w.r.t version 9.0.0?