diff --git a/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandler.java b/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandler.java
index 2879a06..6a64765 100644
--- a/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandler.java
+++ b/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandler.java
@@ -1,14 +1,16 @@
package org.keycloak.adapters.springsecurity.authentication;
import org.keycloak.adapters.KeycloakDeployment;
+import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
import org.keycloak.adapters.springsecurity.AdapterDeploymentContextBean;
+import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.util.Assert;
-import org.springframework.web.util.UriComponentsBuilder;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -22,7 +24,6 @@ import java.io.IOException;
*/
public class KeycloakLogoutHandler implements LogoutHandler {
- public static final String SSO_LOGOUT_COMPLETE_PARAM = "sso_complete";
private static final Logger log = LoggerFactory.getLogger(KeycloakLogoutHandler.class);
private AdapterDeploymentContextBean deploymentContextBean;
@@ -40,30 +41,24 @@ public class KeycloakLogoutHandler implements LogoutHandler {
return;
}
- if (Boolean.valueOf(request.getParameter(SSO_LOGOUT_COMPLETE_PARAM))) {
- // already logged out
- return;
- }
-
try {
handleSingleSignOut(request, response);
} catch (IOException e) {
- throw new IllegalStateException("Unable to redirect to SSO url!", e);
+ throw new IllegalStateException("Unable to make logout admin request!", e);
}
}
- protected String createRedirectUrl(HttpServletRequest request) {
-
- return UriComponentsBuilder.fromHttpUrl(request.getRequestURL().toString())
- .replaceQueryParam(SSO_LOGOUT_COMPLETE_PARAM, true).build().toUriString();
- }
-
protected void handleSingleSignOut(HttpServletRequest request, HttpServletResponse response) throws IOException {
+ KeycloakAuthenticationToken authentication = (KeycloakAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
KeycloakDeployment deployment = deploymentContextBean.getDeployment();
- String redirectUrl = createRedirectUrl(request);
+ RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) authentication.getAccount().getKeycloakSecurityContext();
- response.sendRedirect(deployment.getLogoutUrl().queryParam("redirect_uri", redirectUrl).build().toASCIIString());
+ try {
+ session.logout(deployment);
+ } catch (Exception e) {
+ log.error("Unable to complete Keycloak single sign out", e);
+ }
}
}
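Review bot: The two unchecked casts at the top of `handleSingleSignOut` sit outside the new `try`, so a null or non-Keycloak `Authentication` in the `SecurityContextHolder`, or a security context that is not a `RefreshableKeycloakSecurityContext`, throws out of the logout handler. Depending on handler order, that may stop later handlers from invalidating the local session; a guard such as `if (!(auth instanceof KeycloakAuthenticationToken)) { log.warn("Skipping Keycloak sign out: unexpected authentication type"); return; }` before the cast would avoid it. The `catch (Exception e)` only logs, so a failed `session.logout(deployment)` leaves the Keycloak SSO session active while the application continues as if the user were signed out. That behaviour deserves a comment stating it is deliberate best-effort, or the failure should be surfaced to the caller. It also appears to make the outer `catch (IOException e)` with "Unable to make logout admin request!" unreachable for logout failures. The `logout` method starts outside this hunk, so the existing null/anonymous check is not visible here and is assumed from the leading `return;`.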