- 🇧🇪Belgium BramDriesen Belgium 🇧🇪
I believe this is how it's designed to work.
It doesn't mean if you log-out from Drupal that you should be logged out from Keycloak as well. That would break the whole idea behind SSO. You can set different timeout rules from within Drupal and Keycloak. For example your Keycloak credentials can be valid for 8 hours, but your Drupal session is destroyed after one hour, prompting you again to log-in or at least hit the keycloak login page.
- 🇩🇪Germany jurgenhaas Gottmadingen
@BramDriesen I couldn't agree more, only opened this issue 3 years ago because my client at the time thought, this is what they needed. We since have changed the strategy and don't use this anymore.
However, whether we like it or not, what else is the purpose of the keycloak_sign_out option if not exactly that: sign out from keycloak when you sign out from Drupal? Yes, it's strange, but that's what it should do. I've since seen not only one implementation of SSO scenarios where exactly that was what people were looking for, I'm afraid.
- Status changed to Active
almost 2 years ago 9:03am 15 March 2023 - 🇧🇪Belgium BramDriesen Belgium 🇧🇪
Good question! I have no idea myself as I also only recently adopted the module to help maintain it.
Will set it back to active to have a more in depth look in the ticket which added the functionality. Seems like people there also reported it not to work.
- 🇫🇷France nguerinet
I'm working with this module and try to understand where the issue should be.
In KeycloakController file, the user is first logged out and then we try to redirect to keycloak logout with sso_token.
We are not redirect to /keycloak/logout?id_token=... because we are no longer connected.The solution I try is to logout the user when the user is logged out from SSO (that's what we want) and only log out the user in Controller if KeycloakSignout is not enabled.
For the record I worked with the version 1.7 of the module