ArchLinux: 202106-19: keycloak: incorrect calculation
Summary
Keycloak may fail to log out a user session if the logout request comes from an external SAML identity provider that is set up to identify the principal via attributes rather than by Subject Name ID.
Resolution
Upgrade to 13.0.1-1.
# pacman -Syu "keycloak>=13.0.1-1"
The problem has been fixed upstream in version 13.0.1.
References
https://bugzilla.redhat.com/show_bug.cgi?id=1941565
https://issues.redhat.com/plugins/servlet/samlsso
https://github.com/keycloak/keycloak/commit/f014299e7c781dff2b492b81bc81adcf717bd530
https://security.archlinux.org/CVE-2021-3461
Workaround
None.