0
votes

How to implement logout of client side services after idle timeout?

Services are secured by Keycloak + Application gateway.

The gateway is a Node.js app which protects the services' URLs using the Keycloak Node.js adapter, so that authentication will be required on browser access to the URLs (redirect to the login URL).

Services enforce authorization locally by inspecting the roles present in the access token that the gateway receives and attaches to the request after successful authentication.

Keycloak is behind the gateway too.

I thought about adding a custom event listener in the Keycloak code which would notify all the services interested in the session timeout event via some message bus.

Thanks in advance.

1 Answer

1
votes

Keycloak informs all clients participating in a session that gets terminated (by timeout or explicit logout request). The only prerequisite is that the "Admin URL" is set for the client (see Keycloak admin console - client settings). Since you're using the Keycloak Node.js adapter, it should be able to handle the logout request from Keycloak. See the Keycloak Server Administration Guide (look for "Admin URL").
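
What a gateway has to check when such a logout notification arrives at its Admin URL, shown as an added example that is not part of the original answer and is not the adapter's own code. It assumes the notification body is a compact RS256-signed JWS whose payload carries `action`, `expiration`, `adapterSessionIds` and `notBefore`; those field names, the function names, the in-memory `Map` session store and the inline-generated key pair are all assumptions made for the illustration.

```javascript
const crypto = require('crypto');

// Constructed stand-in for the realm key pair; a real gateway holds only the realm public key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const b64url = (data) => Buffer.from(data).toString('base64url');

// Helper playing Keycloak's side: build a compact RS256 JWS for an admin action (hypothetical).
function signAction(payload, key = privateKey) {
  const head = b64url(JSON.stringify({ alg: 'RS256' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.sign('RSA-SHA256', Buffer.from(`${head}.${body}`), key);
  return `${head}.${body}.${b64url(sig)}`;
}

// Gateway side: verify the notification, then drop the named sessions.
// sessions: Map of adapter session id -> session data (hypothetical in-memory store).
// state: object that records the not-before cutoff for later token checks.
function handleAdminLogout(rawBody, realmPublicKey, sessions, state, now = Date.now() / 1000) {
  const reject = (status) => ({ status, cleared: [] });
  const parts = String(rawBody).trim().split('.');
  if (parts.length !== 3) return reject(400);
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString());
    claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  } catch { return reject(400); }
  // Pin the algorithm; never let the token header choose it.
  if (header.alg !== 'RS256') return reject(401);
  const valid = crypto.verify('RSA-SHA256', Buffer.from(`${head}.${body}`),
    realmPublicKey, Buffer.from(sig, 'base64url'));
  if (!valid) return reject(401);
  // Only unexpired LOGOUT actions are accepted, which limits replay of old notifications.
  if (claims.action !== 'LOGOUT' || !(claims.expiration > now)) return reject(400);
  if (!Array.isArray(claims.adapterSessionIds)) {
    // No session list: remember the cutoff so tokens issued before it are refused.
    state.notBefore = claims.notBefore;
    return { status: 200, cleared: [] };
  }
  // Map.delete returns true only for sessions that actually existed.
  const cleared = claims.adapterSessionIds.filter((id) => sessions.delete(id));
  return { status: 200, cleared };
}
```

Without the signature check, an endpoint like this would let any caller who can reach it log users out, so it should also be reachable only from Keycloak.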