Logout not working (Keystone <-> Keycloak )

[smarques]

Hi, I have completed a test integration with Keycloak as identity provider using your backend example. Everything works fine except for the logout function. Here's how I reproduce the problem:

• On keystone login page click on 'Login with Keycloak'
• You are redirected to Keycloak (correct) where you login
• You are then redirected back to Keystone and you are logged in correctly.
• Click on Signout
• You are correctly signed out and taken back to the login page (correct)
• Now if I click on 'Login with Keycloak again', I am automatically logged in with my previous user, there is no way I can login with a different account.

If I check in Keycloak I can see the user's session is still active. I think there should be a way for keystone to signal to keycloak that the user has ended their session. I know the .well-known file exposes a end_session_endpoint, I am wondering if this should be used somehow.

TIA