cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Bernhardt <jbernha...@talend.com>
Subject AW: [Fediz] Single Logout Flow at IDP
Date Fri, 13 Mar 2015 08:12:40 GMT
It is not urgent from my point of view. 

Since the logout behavior will change I think it would be great to have this change in 1.2.0
and not in a bug-fix release. But it would also be ok IMHO. 

Best regards
Jan

> -----Ursprüngliche Nachricht-----
> Von: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> Gesendet: Donnerstag, 12. März 2015 17:56
> An: dev@cxf.apache.org
> Betreff: Re: [Fediz] Single Logout Flow at IDP
> 
> Hi Jan,
> 
> Yeah that makes sense IMO. Perhaps a task for 1.2.1 though or do you need it for
> 1.2.0?
> 
> Colm.
> 
> On Thu, Mar 12, 2015 at 4:51 PM, Jan Bernhardt <jbernhardt@talend.com>
> wrote:
> 
> > Hi Fediz Developer,
> >
> > I was wondering about the logout flow at the IDP. Currently we get a
> > logout page first with a list of active RPs, then we need to confirm
> > to do the actual logout.
> >
> > The WS-Federation standard describes two actions: wsignout1.0 and
> > wsingoutcleanup1.0
> >
> > Currently we treat both actions alike in Fediz IDP. I would suggest to
> > change the logout behavior to only show the confirm dialog if
> > wsignout1.0 is called and after confirmation navigating to the
> wsingoutcleanup1.0 URL.
> > If wsingoutcleanup1.0 is called directly we should not show a
> > confirmation dialog but logout directly.
> >
> > This way we could also better support a federated logout scenario with
> > multiple IDPs, without the need to confirm on each IDP individually.
> >
> > WDYT?
> >
> > Best regards
> > Jan
> >
> >
> 
> 
> --
> Colm O hEigeartaigh
> 
> Talend Community Coder
> http://coders.talend.com
Mime
View raw message