cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oliver Wulff <owu...@talend.com>
Subject AW: [Fediz] Single Logout Flow at IDP
Date Mon, 16 Mar 2015 07:22:41 GMT
Hi Jan
What do you think about making this configurable for both cases?
In this release we can also change the DB schema quite easily.
Thanks
Oli



Von meinem Samsung Gerät gesendet.


-------- Ursprüngliche Nachricht --------
Von: Jan Bernhardt <jbernhardt@talend.com>
Datum: 13.03.2015 09:14 (GMT+01:00)
An: dev@cxf.apache.org, coheigea@apache.org
Betreff: AW: [Fediz] Single Logout Flow at IDP

It is not urgent from my point of view.

Since the logout behavior will change I think it would be great to have this change in 1.2.0
and not in a bug-fix release. But it would also be ok IMHO.

Best regards
Jan

> -----Ursprüngliche Nachricht-----
> Von: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> Gesendet: Donnerstag, 12. März 2015 17:56
> An: dev@cxf.apache.org
> Betreff: Re: [Fediz] Single Logout Flow at IDP
>
> Hi Jan,
>
> Yeah that makes sense IMO. Perhaps a task for 1.2.1 though or do you need it for
> 1.2.0?
>
> Colm.
>
> On Thu, Mar 12, 2015 at 4:51 PM, Jan Bernhardt <jbernhardt@talend.com>
> wrote:
>
> > Hi Fediz Developer,
> >
> > I was wondering about the logout flow at the IDP. Currently we get a
> > logout page first with a list of active RPs, then we need to confirm
> > to do the actual logout.
> >
> > The WS-Federation standard describes two actions: wsignout1.0 and
> > wsingoutcleanup1.0
> >
> > Currently we treat both actions alike in Fediz IDP. I would suggest to
> > change the logout behavior to only show the confirm dialog if
> > wsignout1.0 is called and after confirmation navigating to the
> wsingoutcleanup1.0 URL.
> > If wsingoutcleanup1.0 is called directly we should not show a
> > confirmation dialog but logout directly.
> >
> > This way we could also better support a federated logout scenario with
> > multiple IDPs, without the need to confirm on each IDP individually.
> >
> > WDYT?
> >
> > Best regards
> > Jan
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message