Situation
For my web application, I have set up a keycloak (v18.0.0) realm with an external SAML IDP.
After successfully logging in, the application is using its own cookies (I can't change this since this is an external piece of software) and has a logout endpoint to destroy those cookies when visited through the browser.
In the corresponding client configuration, I set a front-channel logout URI to be called by the browser whenever a logout is triggered from the IDP.
Problem
When triggering the single sign-out from the IDP, keycloak successfully kills its own cookies but does not redirect to the front-channel logout URI, which leaves the app in a logged-in state.
Question
How can I force keycloak to trigger the front-channel logout URI on a single sign-out request?
