I have used the spring-security adapter for Keycloak configuration. Versions: spring-security 3.2.5, keycloak-4.6 jar. My spring-security.xml is:
<!-- Filter chain for /sso/** only. auto-config is off, so the only filters added here are the ones
     listed below; unauthenticated requests are sent to keycloakAuthenticationEntryPoint and
     authentication is delegated to authenticationManagerKeycloak. -->
<!-- NOTE(review): this element has no csrf child. In Spring Security 3.2 XML configuration CSRF
     protection is opt-in, so POST endpoints on this chain (including the logout URL matched by
     logoutFilter) appear to run without a CSRF token check. Confirm against the full file. -->
<!-- NOTE(review): the only Keycloak filter registered on this chain is the authentication
     processing filter. Nothing visible here reacts to logout or session-expiry requests sent by
     the Keycloak server; the Keycloak adapter documentation additionally registers a
     KeycloakPreAuthActionsFilter before LOGOUT_FILTER. Verify whether it is declared elsewhere. -->
<security:http pattern="/sso/**" auto-config="false" use-expressions="true" entry-point-ref="keycloakAuthenticationEntryPoint" authentication-manager-ref="authenticationManagerKeycloak">
<!-- Keycloak login processing is placed ahead of the form-login slot. -->
<security:custom-filter ref="keycloakAuthenticationProcessingFilter" before="FORM_LOGIN_FILTER" />
<!-- Every URL under /sso/ requires ROLE_ADMIN (expression syntax, enabled by use-expressions). -->
<security:intercept-url pattern="/sso/**" access="hasRole('ROLE_ADMIN')" />
<!-- Installs the logoutFilter bean at the LOGOUT_FILTER position. -->
<security:custom-filter ref="logoutFilter" position="LOGOUT_FILTER" />
<!-- NOTE(review): this element is unprefixed while its siblings use "security:", so it only
     resolves if the default namespace of the (unseen) root element is the Spring Security one.
     The "sas" strategy bean is not defined in the visible snippet. Confirm both. -->
<session-management session-authentication-strategy-ref="sas">
</session-management>
</security:http>
<!-- Scans the Keycloak Spring Security adapter package for annotated components. -->
<!-- NOTE(review): keycloakAuthenticationEntryPoint, keycloakAuthenticationProcessingFilter,
     keycloakAuthenticationProvider and keycloakLogoutHandler are referenced by name in this file
     but not defined in the visible lines. Verify that each is declared explicitly or is actually
     picked up by this scan; a missing bean fails at context start-up. -->
<context:component-scan base-package="org.keycloak.adapters.springsecurity" />
<!-- Authentication manager used by the /sso/** chain for Keycloak login. Its single provider is
     keycloakAuthenticationProvider; id and alias carry the same name, which is the one referenced
     by authentication-manager-ref on the http element. -->
<!-- NOTE(review): these elements are unprefixed, so they rely on the default namespace of the
     unseen root element being the Spring Security namespace. Confirm. -->
<authentication-manager id="authenticationManagerKeycloak" alias="authenticationManagerKeycloak" >
<authentication-provider ref="keycloakAuthenticationProvider" />
</authentication-manager>
<!-- ConcurrentSessionFilter built from the sessionRegistry bean; expiredUrl is /sso. -->
<!-- NOTE(review): no custom-filter element in the visible http block references concurrencyFilter,
     so as shown this bean is created but never added to the /sso/** filter chain. The
     sessionRegistry bean is also not defined in the visible lines. If expired-session handling is
     expected from this filter, check that it is wired in elsewhere and that the same registry is
     the one the session authentication strategy writes to. -->
<beans:bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter">
<beans:constructor-arg name="sessionRegistry" ref="sessionRegistry"></beans:constructor-arg>
<beans:constructor-arg name="expiredUrl" value="/sso"></beans:constructor-arg>
</beans:bean>
<!-- Builds the Keycloak adapter deployment context from /WEB-INF/keycloak.json. -->
<!-- NOTE(review): the contents of keycloak.json are not shown. If the client is confidential the
     file presumably carries the client secret, so treat it as a credential: keep it under WEB-INF
     (not directly served), out of public repositories, and readable only by the application. -->
<beans:bean id="adapterDeploymentContext" class="org.keycloak.adapters.springsecurity.AdapterDeploymentContextFactoryBean">
<beans:constructor-arg value="/WEB-INF/keycloak.json" />
</beans:bean>
<!-- Logout filter for the /sso/** chain. It fires only on an explicit POST to
     /sso/j_spring_security_logout, runs the handlers in the listed order and then redirects to
     /sso. Nothing in this bean is triggered by a token or session timeout. -->
<beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<beans:constructor-arg name="logoutSuccessUrl" value="/sso" />
<beans:constructor-arg name="handlers" >
<beans:list>
<!-- Keycloak handler is listed first, ahead of the local security-context cleanup.
     Presumably it needs the authentication still present to log out on the Keycloak side;
     confirm before reordering. -->
<beans:ref bean="keycloakLogoutHandler" />
<beans:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
</beans:list>
</beans:constructor-arg>
<!-- Restricting logout to POST keeps it from being triggered by a plain link or image request.
     NOTE(review): without CSRF protection on this chain a cross-site form can still submit this
     POST; see whether a csrf element is configured elsewhere. -->
<beans:property name="logoutRequestMatcher">
<beans:bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
<beans:constructor-arg name="pattern" value="/sso/j_spring_security_logout" />
<beans:constructor-arg name="httpMethod" value="POST" />
</beans:bean>
</beans:property>
</beans:bean>
<!-- Configuration to Keycloak Server Ends-->
Still, the Keycloak session is not invalidated on token->keycloaksession timeout.
https://github.com/spring-projects/spring-security/pull/217
Comment From: rwinch
Thanks for getting in touch, but it feels like this is a question that would be better suited to Stack Overflow. As mentioned in the guidelines for contributing, we prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add some more details if you feel this is a genuine bug.
Comment From: marcusdacoregio
Closing this since there weren't any updates