keycloak-uncached

KEYCLOAK-4288 Wildfly

KEYCLOAK-4288 Use SessionListener to keep track of local HTTP-SSO …

session mappings

KEYCLOAK-4288 Fix SAML logout session for Tomcat/EAP6 When …

logging out via application (via ?GLO=true query parameter),
CatalineSamlSessionStore does not expire session, while it does that
in logging by SAML session index.

This causes distributed sessions being invalidated only on node hanling
the request, but remains active in other nodes of the cluster. Then the
session can be resurrected on next cache replication back even to the
node where the logout was performed. This behaviour is fixed here.

Merge pull request #4101 from hmlnarik/KEYCLOAK-4489-2.5.x KEYCLOAK-4489 …

Use event reader from AbstractParser, which handles newlines and whitespace

KEYCLOAK-4489 Use event reader from AbstractParser, which …

handles newlines and whitespace.

(cherry picked from commit 224c9c539591a2caf6c76b2ef148578eb9be076f)

Merge pull request #4099 from stianst/2.5.x KEYCLOAK-4717 …

for 2.5.x

KEYCLOAK-4717 Add test

KEYCLOAK-4717 Added extra check for data content in receive …

message for session iframe

Verify message comes from loginIframe In the current implementation …

a message coming from any window on the same origin may cause the refresh token to be cleared.
In my case, messages generated by a chrome extension were causing the application to logout unexpectedly. With additional condition only messages coming from the login iFrame will be processed. Another suggestion would be changing the condition `event.data != "unchanged"` to something more specific.

Merge pull request #4072 from hmlnarik/KEYCLOAK-4779-2.5.x KEYCLOAK-4779 …

Fix NPE