Administering sessions

To see a top-level view of the active clients and sessions in Keycloak, click Sessions from the menu.

Sessions

Sessions tab

Signing out all active sessions

You can sign out all users in the realm. From the Action list, select Sign out all active sessions. All SSO cookies become invalid. Keycloak notifies clients by using the Keycloak OIDC client adapter of the logout event. Clients requesting authentication within active browser sessions must log in again. Client types such as SAML do not receive a back-channel logout request.

Clicking Sign out all active sessions does not revoke outstanding access tokens. Outstanding tokens must expire naturally. For clients using the Keycloak OIDC client adapter, you can push a revocation policy to revoke the token, but this does not work for other adapters.

Viewing client sessions

Procedure

  1. Click Clients in the menu.

  2. Click the Sessions tab.

  3. Click a client to see that client’s sessions.

    Client sessions

    Client sessions

Viewing user sessions

Procedure

  1. Click Users in the menu.

  2. Click the Sessions tab.

  3. Click a user to see that user’s sessions.

    User sessions

    User sessions