对于用户的登出/注销操作,可以为 client 配置一个回调接口(back-channel logout)。这个接口是配置在 client 上的,并且必须是 POST 接口:Keycloak 会把 logout_token 作为表单参数 POST 到该地址。回调的发送逻辑可以参考 Keycloak 14.0.0 的这个方法:
- org.keycloak.services.managers.ResourceAdminManager#sendBackChannelLogoutRequestToClientUri
- 核心代码段
// Excerpt from the body of the back-channel logout sender; the method signature and the
// definitions of `resource`, `user`, `clientSessionModel`, `managementUrl`, `session` and
// `logger` are outside this excerpt.
// Flow: build a logout token for the client session, encode it, and POST it as the
// `logout_token` form parameter to the client's logout callback URL.
LogoutToken logoutToken = session.tokens().initLogoutToken(resource, user, clientSessionModel);
// Encoded (presumably signed JWT) form of the token; this string is what goes on the wire.
// NOTE(review): the receiving endpoint should verify the token's signature and claims
// before terminating any session, since the callback is a plain POST endpoint.
String token = session.tokens().encode(logoutToken);
// Debug log carries only the client id and target URL. The message ends with "sessionIds: "
// but no third argument is supplied, so no session ids (and no token) are written here.
if (logger.isDebugEnabled())
logger.debugv("logout resource {0} url: {1} sessionIds: ", resource.getClientId(), managementUrl);
// Declared outside the try so the finally block can reset it.
HttpPost post = null;
try {
// NOTE(review): the origin of managementUrl is not visible in this excerpt. Because the
// server issues an outbound request to it, confirm it only comes from trusted client config.
post = new HttpPost(managementUrl);
List<NameValuePair> parameters = new LinkedList<>();
// NOTE(review): logoutToken was already passed to encode() above, so this null check
// comes late; if it is ever false the POST is sent with an empty form body.
if (logoutToken != null) {
parameters.add(new BasicNameValuePair(OAuth2Constants.LOGOUT_TOKEN, token));
}
// The HTTP client is obtained from the session's HttpClientProvider and is not closed
// here; presumably its lifecycle is managed by the provider (confirm).
CloseableHttpClient httpClient = session.getProvider(HttpClientProvider.class).getHttpClient();
UrlEncodedFormEntity formEntity;
// Body is application/x-www-form-urlencoded, encoded as UTF-8.
formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
post.setEntity(formEntity);
// try-with-resources closes the response on every path.
try (CloseableHttpResponse response = httpClient.execute(post)) {
try {
int status = response.getStatusLine().getStatusCode();
// Drain the response body; its content is never inspected.
EntityUtils.consumeQuietly(response.getEntity());
// Only 200 and 204 count as success, and the flag is used solely for the debug log.
boolean success = status == 204 || status == 200;
logger.debugf("logout success for %s: %s", managementUrl, success);
// The client's status code is mirrored back unchanged, so a non-2xx answer is not
// turned into an error here; the caller has to inspect the returned status.
return Response.status(status).build();
} finally {
// Second drain: also covers the path where an exception is thrown before the return.
EntityUtils.consumeQuietly(response.getEntity());
}
}
} catch (IOException e) {
// Transport failure: logged with the client id and reported as a server error response.
ServicesLogger.LOGGER.logoutFailed(e, resource.getClientId());
return Response.serverError().build();
} finally {
// Reset the request object whether the call succeeded or failed.
if (post != null) {
post.reset();
}
}