Hi!
When a WSFed client sends a signout request to keycloak and the user is connected to multiple WSFed clients, keycloak will send a backchannel logout request to all other connected clients. After reading the code, the URL used to perform the backchannel logout is the first URL found in the "Valid Redirect URIs" setting of the client. This is a bad idea because the order of the values in the "Valid Redirect URIs" list cannot be chosen/forced.
Is it possible to store the backchannel logout URL in a dedicated field or use an existing field like "Admin URL" ?
If not possible it should at least be mentioned in the "Valid Redirect URIs" tooltip that the first value of the list will also be used for backchannel logout purpose
Thanks
Regards
--
Joaquim
Hi!
When a WSFed client sends a signout request to keycloak and the user is connected to multiple WSFed clients, keycloak will send a backchannel logout request to all other connected clients. After reading the code, the URL used to perform the backchannel logout is the first URL found in the "Valid Redirect URIs" setting of the client. This is a bad idea because the order of the values in the "Valid Redirect URIs" list cannot be chosen/forced.
Is it possible to store the backchannel logout URL in a dedicated field or use an existing field like "Admin URL" ?
If not possible it should at least be mentioned in the "Valid Redirect URIs" tooltip that the first value of the list will also be used for backchannel logout purpose
Thanks
Regards
--
Joaquim