cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Bernhardt <jbernha...@talend.com>
Subject AW: [Fediz] Single Logout Flow at IDP
Date Wed, 15 Apr 2015 18:53:59 GMT
Perfect!

Thanks a lot!

Regards
Jan

> -----Ursprüngliche Nachricht-----
> Von: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> Gesendet: Montag, 13. April 2015 17:31
> An: dev@cxf.apache.org
> Betreff: Re: [Fediz] Single Logout Flow at IDP
> 
> I've implemented this along the lines of Jan's suggestion for 1.2.0:
> 
> a) wsignout1.0 -> Prompts for confirmation by default. Confirmation can be
> disabled by the IdP property "rpSingleSignOutConfirmation".
> b) wsingoutcleanup1.0 -> Does not prompt for confirmation by default.
> Confirmation can be enabled by the IdP property
> "rpSingleSignOutCleanupConfirmation".
> 
> Colm.
> 
> On Thu, Mar 19, 2015 at 12:13 PM, Jan Bernhardt <jbernhardt@talend.com>
> wrote:
> 
> > Hi Oli,
> >
> > I would prefer to avoid a configuration setting for this issue. I
> > don't want to confuse users with too many configuration options. WDYT?
> >
> > Kind regards
> > Jan
> >
> > Jan Bernhardt, M.Sc.
> > PROFESSIONAL SERVICES CONSULTANT
> > jbernhardt@talend.com | www.talend.com Talend Germany GmbH |
> > Servatiusstrasse 53 - 53175 Bonn - Germany
> >
> > Visit my blog at https://janbernhardt.blogspot.de
> >
> > > -----Ursprüngliche Nachricht-----
> > > Von: Oliver Wulff [mailto:owulff@talend.com]
> > > Gesendet: Montag, 16. März 2015 08:23
> > > An: dev@cxf.apache.org; coheigea@apache.org
> > > Betreff: AW: [Fediz] Single Logout Flow at IDP
> > >
> > > Hi Jan
> > > What do you think about making this configurable for both cases?
> > > In this release we can also change the DB schema quite easily.
> > > Thanks
> > > Oli
> > >
> > >
> > >
> > > Von meinem Samsung Gerät gesendet.
> > >
> > >
> > > -------- Ursprüngliche Nachricht --------
> > > Von: Jan Bernhardt <jbernhardt@talend.com>
> > > Datum: 13.03.2015 09:14 (GMT+01:00)
> > > An: dev@cxf.apache.org, coheigea@apache.org
> > > Betreff: AW: [Fediz] Single Logout Flow at IDP
> > >
> > > It is not urgent from my point of view.
> > >
> > > Since the logout behavior will change I think it would be great to
> > > have
> > this change
> > > in 1.2.0 and not in a bug-fix release. But it would also be ok IMHO.
> > >
> > > Best regards
> > > Jan
> > >
> > > > -----Ursprüngliche Nachricht-----
> > > > Von: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> > > > Gesendet: Donnerstag, 12. März 2015 17:56
> > > > An: dev@cxf.apache.org
> > > > Betreff: Re: [Fediz] Single Logout Flow at IDP
> > > >
> > > > Hi Jan,
> > > >
> > > > Yeah that makes sense IMO. Perhaps a task for 1.2.1 though or do
> > > > you need it for 1.2.0?
> > > >
> > > > Colm.
> > > >
> > > > On Thu, Mar 12, 2015 at 4:51 PM, Jan Bernhardt
> > > > <jbernhardt@talend.com>
> > > > wrote:
> > > >
> > > > > Hi Fediz Developer,
> > > > >
> > > > > I was wondering about the logout flow at the IDP. Currently we
> > > > > get a logout page first with a list of active RPs, then we need
> > > > > to confirm to do the actual logout.
> > > > >
> > > > > The WS-Federation standard describes two actions: wsignout1.0
> > > > > and
> > > > > wsingoutcleanup1.0
> > > > >
> > > > > Currently we treat both actions alike in Fediz IDP. I would
> > > > > suggest to change the logout behavior to only show the confirm
> > > > > dialog if
> > > > > wsignout1.0 is called and after confirmation navigating to the
> > > > wsingoutcleanup1.0 URL.
> > > > > If wsingoutcleanup1.0 is called directly we should not show a
> > > > > confirmation dialog but logout directly.
> > > > >
> > > > > This way we could also better support a federated logout
> > > > > scenario with multiple IDPs, without the need to confirm on each
> > > > > IDP
> > individually.
> > > > >
> > > > > WDYT?
> > > > >
> > > > > Best regards
> > > > > Jan
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Colm O hEigeartaigh
> > > >
> > > > Talend Community Coder
> > > > http://coders.talend.com
> >
> 
> 
> 
> --
> Colm O hEigeartaigh
> 
> Talend Community Coder
> http://coders.talend.com
Mime
View raw message