Keycloak may fail to log out a user session if the logout request comes from an external SAML identity provider that is set up to identify the principal via attributes rather than Subject Name ID. https://issues.redhat.com/browse/KEYCLOAK-17495
The affected class is in the keycloak-services jar, which is only present in RHSSO, and none of the other Red Hat products is affected. https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
Acknowledgments: Name: Peter Mazán (peter.mazan) (TatraMed Software)
This issue has been addressed in the following products: Red Hat Single Sign-On 7.4 for RHEL 6 Via RHSA-2021:2063 https://access.redhat.com/errata/RHSA-2021:2063
This issue has been addressed in the following products: Red Hat Single Sign-On 7.4 for RHEL 8 Via RHSA-2021:2065 https://access.redhat.com/errata/RHSA-2021:2065
This issue has been addressed in the following products: Red Hat Single Sign-On 7.4 for RHEL 7 Via RHSA-2021:2064 https://access.redhat.com/errata/RHSA-2021:2064
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3461
This issue has been addressed in the following products: Red Hat Single Sign-On 7.4.7 Via RHSA-2021:2070 https://access.redhat.com/errata/RHSA-2021:2070