0

Single logout (SLO) does not work in a coupled environment. The load balancer is routing backchannel logout requests to servers by random. The user session may be on another server.

The load balancer is using a sticky session (cookie in a browser) for the user requests. Backchannel logout requests comes from a different origin: the OIDC server.

Everything works fine with a single OpenLiberty server instance as all the requests are implicitly routed to the correct OpenLiberty server.

To my understanding the OIDC client feature does NOT support backend redirecting.

How should we fix this? Is there any "out-of-the-box" options for this?

Improve this question
Related questions
2
Okta backchannel logout for OIDC
1
Keycloak | OIDC Backchannel (Single) Logout with Spring Security
1
Session management with load balancer in Java EE
Load 7 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.