cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Bernhardt <jbernha...@talend.com>
Subject [Fediz] Single Logout Flow at IDP
Date Thu, 12 Mar 2015 16:51:40 GMT
Hi Fediz Developer,

I was wondering about the logout flow at the IDP. Currently we get a logout page first with
a list of active RPs, then we need to confirm to do the actual logout.

The WS-Federation standard describes two actions: wsignout1.0 and wsingoutcleanup1.0

Currently we treat both actions alike in Fediz IDP. I would suggest to change the logout behavior
to only show the confirm dialog if wsignout1.0 is called and after confirmation navigating
to the wsingoutcleanup1.0 URL. If wsingoutcleanup1.0 is called directly we should not show
a confirmation dialog but logout directly.

This way we could also better support a federated logout scenario with multiple IDPs, without
the need to confirm on each IDP individually.

WDYT?

Best regards
Jan


Mime
View raw message