java - Single Logout not working with multiple SP - Spring Security SAML

Question

I have Springboot app acting as an SP built by following this example.Below is my usecase -

1. Using Keycloak as an IDP.
2. Launched SP-1 at port 3030 having EntityId login-app-one.
3. Launched SP-2 at port 4040 having EntityId login-app-two.
4. Registered these two instances in Keycloak as two clients in same realm named demo.
5. Created dummy user in Keycloak.
6. Logged in to SP-1 successfully.
7. Logged in to SP-2 successfully.
8. I can see two sessions created in Keycloak admin console.
9. Tried Global Logout from SP-1, Keycloak sessions are still active.
10. Tried Global Logout from SP-2, Keycloak session are still active.
11. Sometimes, doing a Global logout from SP-2 lands me on SP-1 after redirection from Keycloak. This is weird. (Found the reason for this behaviour, the my update below)

Important thing to note here is that if I have a single SP logged in, the Global logout works fine. I'm trying to achieve simple SSO and SLO using multiple SPs but it does not work.

I suspect the problem is with my Spring SAML app. I don't see any errors on the Springboot console.

Update:

1. SLO is working well if springboot app is hosted on some domain. I deployed two instances of my Springboot app and keycloak server on a docker container (using https://labs.play-with-docker.com/). So now the question is why it doesn't work on localhost.
2. Logging out SP-1 lands me on SP-2 because the Front Channel Logout option was enabled in the client settings in my Keycloak server. Because of this, Keycloak logs out all the clients one by one through a browser redirect.

Answer 1

等待大神解答