We are integrating Kibana in our Keycloak identity management solution but have problems getting ‘single logout’ working when triggered from another client.
This is the scenario:
- User enters the portal but has to log in to Keycloak first
- Keycloak handles authentication and redirects back to portal
- In the portal is a link to the Kibana dashboard and the user clicks it
- Kibana does OIDC single sign-on with Keycloak and the dashboard is presented
- User goes back to portal and clicks on logout in the portal
- Keycloak logoff is called and the portal session is gone
- The Kibana session with the user still exists
In the normal situation the Single Logoff scenario would mean that the Keycloak server calls the Kibana logoff endpoint with the session-id used for single sign on.
Does this work for Kibana? Do you have examples for Single or Global Logoff and Kibana where the action is performed from server to server?