Currently, I have integrated Keycloak with Jenkins and ArgoCD using the OIDC protocol, and I’d like to ask for your input on the Single Logout (SLO) functionality.
After logging into both Jenkins and ArgoCD, I would like it so that logging out from ArgoCD will also log out the session in Jenkins.
At present, both ArgoCD and Jenkins generate application tokens and sessions based on Keycloak token information at the time of login. However, because each application creates and manages its tokens and sessions independently, Keycloak cannot directly control or expire these sessions on its own. As a result, unless each application initiates the logout, the browser-stored session remains active for each application. (The Keycloak session itself does expire.)
I have the following questions:
- When Jenkins receives a Backchannel Logout request, is there a URL in Jenkins that can handle the request to terminate the session?
- Is there a delete session REST API in Jenkins? If so, could you provide details on how to use it and how it functions?
- Are there any other potential solutions for this issue?