Skip to content

Provide & auto-configure an OidcSessionRegistry impl for Back-Channel Logout in distributed environments #3341

New issue
New issue
Open
Open
Provide & auto-configure an OidcSessionRegistry impl for Back-Channel Logout in distributed environments#3341
Labels
status: waiting-for-triageAn issue we've not yet triagedtype: enhancementA general enhancement
@ch4mpy

Description

@ch4mpy
ch4mpy
opened on Feb 20, 2025

Expected Behavior

When using Spring Session with Spring Boot, I'd expect Back-Channel Logout to work out of the box. This would require a compatible OidcSessionRegistry in the application context.

Current Behavior

The only OidcSessionRegistry provided by Spring Security is InMemoryOidcSessionRegistry which isn't compatible with distributed OAuth2 clients.

Context

I'm using spring-cloud-gateway-mvc configured with oauth2Login, the TokenRelay= filter, and Back-Channel Logout. To achieve high availability of k8s deployments, I'd like to have a minimum of two instances running in parallel. Unfortunately, for now, Back-Channel Logout won't work in this configuration.

Metadata

Metadata

Assignees

No one assigned

    Labels

    status: waiting-for-triageAn issue we've not yet triagedtype: enhancementA general enhancement

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions