Propagate logout from external identity provider to Keycloak broker

Hi,

It’s a bit of an inverse of an issue a lot of people are facing, no doubt, but propagating logout requests from the broker to the external system works fine. However, I can’t seem to find a way to force Keycloak to kill the user session if the user session is being killed on the external identity provider.
So far, debugging a test config of two Keycloaks (one “external system” and one “broker”) shows that there is indeed a potential for this: org.keycloak.services.managers.ResourceAdminManager#sendBackChannelLogoutRequestToClientUri tries to send a logout request to whatever is set in managementUrl, but no matter how I configure it, it always returns an error 400:
[2021-10-06 18:32:22,986] [INFO] [thread=default task-48] [caller=com.netcracker.cloud.keycloak.provider.AuditLogEventListenerProvider] Got Event type=LOGOUT_ERROR realmId=saml-broker-realm clientId=null userId=null ipAddress=127.0.0.1 error=invalid_client_credentials

I don’t see any place to configure client credentials but on the broker itself, and this won’t help the external IdP to send a logout request to the broker.
Is such a thing at all possible with Keycloak?

Seems to work only with the Keycloak OIDC provider when the Admin URL for the client on the external IdP is specified as http://<idp-host>:<idp-port>/auth/realms/<realm-name of broker>/broker/<broker idp alias>/endpoint. This change does not affect the OIDC v1 provider in any way.