
I am using Keycloak as an IAM and have clients "alertmanager" and "Nginx" which are running along with Keycloak-gatekeeper/louketo-proxy as a sidecar in my K8s cluster. Users are able to log in perfectly, but I am getting some issues with logout.

When I try "Logout all" under "Session" in the Keycloak admin section, I get this error, and in parallel the gatekeeper/proxy gets a call from Keycloak (I am checking live logs), but since this request is unauthenticated, it fails. So, how can we whitelist the IP address of Keycloak here?


Also, how can we propagate logout to all the clients from the browser when one of the clients (applications) performs a logout by hitting application/oauth/logout in the browser? The other application, which has also logged in via SSO in the same browser previously, is not logged out and its tokens still persist (checked via application2/oauth/token); both clients (applications) are from the same realm.

It takes a maximum of 5 minutes to refresh among different clients when the proxy asks Keycloak to refresh the token.

When I add/remove a user from a particular group, let's say "devops", and the proxy/gatekeeper is configured to grant access where the user is present in the group "devops": if I add someone to the "devops" group, it takes a maximum of 5 minutes to reflect that, and the user can start using the associated application. But when I remove a user from the group, they can still enjoy the access of the "devops" group for a maximum of 5 minutes, which is a security concern!

Is there a way to propagate events from Keycloak to all the clients instantly? Is this the expected behavior of Keycloak?
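The 5-minute revocation window described above is a property of any proxy that decides from the claims of a cached access token and only talks to the IdP again when that token expires. The following is an added illustration, not code from Keycloak, keycloak-gatekeeper or the question; it is a constructed model in which `Idp` stands in for the realm (group membership plus an access-token lifespan), `CachingProxy` stands in for a gatekeeper-style sidecar, and `Idp.current_groups` is an assumed per-request lookup of the user's live membership (whatever mechanism a real deployment uses for that is not specified here). The tokens are unsigned placeholders; a real proxy must verify the signature before trusting any claim.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url segment, as used in JWTs."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_placeholder_jwt(claims: dict) -> str:
    """Three-part token with a dummy signature, for modelling only (constructed)."""
    header = b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.placeholder-signature"


def claims_of(token: str) -> dict:
    """Read the payload; no signature check, which is fine only for this model."""
    return json.loads(b64url_decode(token.split(".")[1]))


class Idp:
    """Stand-in for the realm: mutable group membership and a token lifespan.
    Issuing a token snapshots the groups into the claims, which is the crux."""

    def __init__(self, groups: dict, lifespan: int = 300):
        self.groups = groups        # user -> set of groups, editable like the admin UI
        self.lifespan = lifespan    # access-token lifespan in seconds (5 min here)

    def issue(self, user: str, now: int) -> str:
        return make_placeholder_jwt({
            "sub": user, "iat": now, "exp": now + self.lifespan,
            "groups": sorted(self.groups.get(user, ())),
        })

    def current_groups(self, user: str) -> set:
        """Assumed live lookup of the user's membership at request time."""
        return set(self.groups.get(user, ()))


class CachingProxy:
    """Gatekeeper-style sidecar model: keeps the access token in its session
    until exp, then refreshes; authorizes from the token's 'groups' claim unless
    live_check is set, in which case it asks the IdP on every request."""

    def __init__(self, idp: Idp, required_group: str, live_check: bool = False):
        self.idp = idp
        self.required_group = required_group
        self.live_check = live_check
        self.cache = {}   # user -> cached access token

    def allow(self, user: str, now: int) -> bool:
        tok = self.cache.get(user)
        if tok is None or claims_of(tok)["exp"] <= now:
            tok = self.idp.issue(user, now)   # refresh: fresh claims from the IdP
            self.cache[user] = tok
        if self.live_check:
            return self.required_group in self.idp.current_groups(user)
        return self.required_group in claims_of(tok)["groups"]


def first_denial_after_removal(live_check: bool, lifespan: int = 300) -> int:
    """Seconds between removing 'alice' from 'devops' and the proxy's first denial.
    Constructed timeline: login at t0, removal at t0 + 1, one request per second."""
    idp = Idp({"alice": {"devops"}}, lifespan)
    proxy = CachingProxy(idp, "devops", live_check)
    t0 = 1_700_000_000
    if not proxy.allow("alice", t0):
        raise RuntimeError("initial login should be allowed")
    idp.groups["alice"].discard("devops")     # admin removes the user from the group
    for t in range(t0 + 1, t0 + lifespan + 2):
        if not proxy.allow("alice", t):
            return t - (t0 + 1)
    raise RuntimeError("access was never revoked")


if __name__ == "__main__":
    print("claims-only proxy, 300 s lifespan:", first_denial_after_removal(False))
    print("claims-only proxy, 60 s lifespan: ", first_denial_after_removal(False, 60))
    print("per-request live check:           ", first_denial_after_removal(True))
```

With the claims-only policy the user keeps access for almost the whole token lifespan after removal (299 s in this timeline), and shortening the lifespan shrinks that window proportionally; a per-request check against the IdP closes it at the cost of one extra call per request. Whether to shorten the access-token lifespan or add a live lookup is the trade-off the question is really asking about.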
