You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The OidcSessionInformation class should include a mixin for JSON serialization to Redis, which will support clustered servers with OIDC back-channel logout enabled.
Current Behavior
Only the InMemoryOidcSessionRegistry is permitted, and it does not support OIDC back-channel logout for clustered servers that use Redis session storage in Spring Security.
Context
The text was updated successfully, but these errors were encountered:
Hi @SnapPetal , this ticket is mostly a duplicate of 14511. In short, we will not be able to connect the oidc session with the client session, they work differently. Therefore, this cannot be included in the spring session. At the same time, it makes sense to implement JdbcOidcSessionRegistry within the framework of spring security. This can be quite a time consuming task and the community will thank you so much if you open a PR :)
For redis based implementation, the easiest way is to make a simple implementation, for example, OidcSessionRegistryImpl, together with spring cache, this way you can achieve the behavior you need.
Expected Behavior
The OidcSessionInformation class should include a mixin for JSON serialization to Redis, which will support clustered servers with OIDC back-channel logout enabled.
Current Behavior
Only the InMemoryOidcSessionRegistry is permitted, and it does not support OIDC back-channel logout for clustered servers that use Redis session storage in Spring Security.
Context
The text was updated successfully, but these errors were encountered: