Front channel logout to clients is not called at Identity Proxy when using front channel logout to Identity Provider #25234

@ted-the-coder

Before reporting an issue

  • I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

identity-brokering

Describe the bug

When Keycloak is set up as an Identity Proxy to call another Identity Provider (i.e., another Keycloak instance), the clients at the Proxy are set to front channel logout,

[screenshot: client]

and the Identity Provider at the Proxy is set to front channel logout as well (with "Backchannel logout" turned off).

[screenshot: IdentityProvider]

When logging out from Keycloak (Identity Proxy), the sessions at the Identity Proxy and the Identity Provider are terminated as expected, but there is no call to the applications' front channel logout URLs.

Version

23.0.1 (tried old versions as well, 22.0.5, and so on)

Expected behavior

  1. The logout confirm page is shown, which has the iframes calling the applications' front channel logout URLs.
  2. Both sessions at the Identity Proxy and the Identity Provider are terminated.

Actual behavior

  1. No calls to the applications' front channel logout URLs, even though there are logs like this:
    frontchannel logout to: xxxx (xxxx is the client id)
  2. Both sessions at the Identity Proxy and the Identity Provider are terminated.

How to Reproduce?

  1. Set up two Keycloak instances with docker-compose, one as the Identity Proxy and the other as the Identity Provider. Make sure "Backchannel logout" is turned off at the Identity Provider in the Identity Proxy.
  2. Create two clients at the Identity Proxy, and set the Front Channel Logout URL.
  3. Create two applications and implement the front channel endpoint, making sure to add logging, and configure these applications to connect to the Identity Proxy as the OIDC provider.
  4. Log out from one application or from the logout URL of the Identity Proxy; we will see that the applications are not called.

Anything else?

I have a potential fix. Before creating a PR, I want to double check if it is a bug.
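
For step 3 of the reproduction, a test application's front-channel logout endpoint with logging could look like the following. This is an added example, not part of the original issue or Keycloak's code; the issuer URL, path, port and the in-memory `SESSIONS` store are assumptions for a local test setup.

```python
"""Logging front-channel logout endpoint for a test application (added example)."""
import logging
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit, parse_qs

logging.basicConfig(level=logging.INFO, format="%(asctime)s %(message)s")
log = logging.getLogger("frontchannel")

# Assumptions: placeholder issuer, path and session store for a local test setup.
EXPECTED_ISS = "http://localhost:8080/realms/proxy"
LOGOUT_PATH = "/frontchannel-logout"
SESSIONS = {}  # sid -> username, filled by the application's login code


def process_logout(url, sessions, expected_iss=EXPECTED_ISS):
    """Return (status, reason) for a GET to the front-channel logout URL."""
    parts = urlsplit(url)
    if parts.path != LOGOUT_PATH:
        return 404, "not the logout path"
    params = parse_qs(parts.query)
    iss = params.get("iss", [None])[0]
    sid = params.get("sid", [None])[0]
    # Log every hit: the absence of this line during logout is the reported bug.
    log.info("front-channel logout called: iss=%s sid=%s", iss, sid)
    if sid is None:
        return 200, "called without sid"
    if iss != expected_iss:
        # Do not end a local session for a request naming another issuer.
        return 400, "unexpected issuer"
    if sessions.pop(sid, None) is None:
        return 200, "no local session for sid"
    return 200, "session terminated"


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, reason = process_logout(self.path, SESSIONS)
        body = reason.encode()
        self.send_response(status)
        self.send_header("Cache-Control", "no-store")  # keep the iframe response uncached
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 9001), Handler).serve_forever()
```

The `iss` and `sid` query parameters are the ones OpenID Connect Front-Channel Logout defines for clients that require session information; without them the endpoint only records that it was called.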
