Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide & auto-configure an OidcSessionRegistry impl for Back-Channel Logout in distributed environments #3341

Open
ch4mpy opened this issue Feb 20, 2025 · 0 comments
Open

Provide & auto-configure an OidcSessionRegistry impl for Back-Channel Logout in distributed environments #3341

ch4mpy opened this issue Feb 20, 2025 · 0 comments
Labels
status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement

Comments

@ch4mpy
Copy link

ch4mpy commented Feb 20, 2025

Expected Behavior

When using Spring Session with Spring Boot, I'd expect Back-Channel Logout to work out of the box. This would require a compatible OidcSessionRegistry in the application context.

Current Behavior

The only OidcSessionRegistry provided by Spring Security is InMemoryOidcSessionRegistry which isn't compatible with distributed OAuth2 clients.

Context

I'm using spring-cloud-gateway-mvc configured with oauth2Login, the TokenRelay= filter, and Back-Channel Logout. To achieve high availability of k8s deployments, I'd like to have a minimum of two instances running in parallel. Unfortunately, for now, Back-Channel Logout won't work in this configuration.
@ch4mpy ch4mpy added status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement labels Feb 20, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ch4mpy