Vulnerability Finding ID: VUF-24089509
Communication Date: 3/24/2021
Vulnerability Finding Name: Keycloak broker/saml/SAMLEndpoint.java SAML Request Principal Type Handling Incomplete Backchannel Logout Local Weakness
Discussion: Keycloak broker/saml/SAMLEndpoint.java SAML Request Principal Type Handling Incomplete Backchannel Logout Local Weakness.
Keycloak contains a flaw in broker/saml/SAMLEndpoint.java: when it handles a logout request from an external SAML identity provider whose principal type is set to attribute name, the backchannel logout is not completed.
This may allow an attacker with physical access to gain unauthorized access.
CVSS Score: 2.6
CVE-ID: CVE-2021-3461
Product: Red Hat [Keycloak (Unspecified)]
All supported DevTest releases.
It looks like the vulnerability is applicable only to SAML Identity Provider, which we are not using. We are only using OpenID Connect 1.0 identity provider.
So, we are not vulnerable to this vulnerability.
For more reference, please refer to https://bugzilla.redhat.com/