Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OIDC Back-Channel Logout Support for Clustered Servers #16321

Open
SnapPetal opened this issue Dec 20, 2024 · 2 comments
Open

OIDC Back-Channel Logout Support for Clustered Servers #16321

SnapPetal opened this issue Dec 20, 2024 · 2 comments
Labels
status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement

Comments

@SnapPetal
Copy link

Expected Behavior

The OidcSessionInformation class should include a mixin for JSON serialization to Redis, which will support clustered servers with OIDC back-channel logout enabled.

Current Behavior

Only the InMemoryOidcSessionRegistry is permitted, and it does not support OIDC back-channel logout for clustered servers that use Redis session storage in Spring Security.

Context

@SnapPetal SnapPetal added status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement labels Dec 20, 2024
@franticticktick
Copy link
Contributor

Hi @SnapPetal , this ticket is mostly a duplicate of 14511. In short, we will not be able to connect the oidc session with the client session, they work differently. Therefore, this cannot be included in the spring session. At the same time, it makes sense to implement JdbcOidcSessionRegistry within the framework of spring security. This can be quite a time consuming task and the community will thank you so much if you open a PR :)
For redis based implementation, the easiest way is to make a simple implementation, for example, OidcSessionRegistryImpl, together with spring cache, this way you can achieve the behavior you need.

@SnapPetal
Copy link
Author

@franticticktick I am confused about OidcSessionRegistryImpl would work? Also how does OIDC Session and Spring Security work togethor?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
Projects
None yet
Development

No branches or pull requests

2 participants