cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: [Fediz] Single Logout Flow at IDP
Date Mon, 13 Apr 2015 15:31:08 GMT
I've implemented this along the lines of Jan's suggestion for 1.2.0:

a) wsignout1.0 -> Prompts for confirmation by default. Confirmation can be
disabled by the IdP property "rpSingleSignOutConfirmation".
b) wsingoutcleanup1.0 -> Does not prompt for confirmation by default.
Confirmation can be enabled by the IdP property
"rpSingleSignOutCleanupConfirmation".

Colm.

On Thu, Mar 19, 2015 at 12:13 PM, Jan Bernhardt <jbernhardt@talend.com>
wrote:

> Hi Oli,
>
> I would prefer to avoid a configuration setting for this issue. I don't
> want to confuse users with too many configuration options. WDYT?
>
> Kind regards
> Jan
>
> Jan Bernhardt, M.Sc.
> PROFESSIONAL SERVICES CONSULTANT
> jbernhardt@talend.com | www.talend.com
> Talend Germany GmbH | Servatiusstrasse 53 - 53175 Bonn - Germany
>
> Visit my blog at https://janbernhardt.blogspot.de
>
> > -----Ursprüngliche Nachricht-----
> > Von: Oliver Wulff [mailto:owulff@talend.com]
> > Gesendet: Montag, 16. März 2015 08:23
> > An: dev@cxf.apache.org; coheigea@apache.org
> > Betreff: AW: [Fediz] Single Logout Flow at IDP
> >
> > Hi Jan
> > What do you think about making this configurable for both cases?
> > In this release we can also change the DB schema quite easily.
> > Thanks
> > Oli
> >
> >
> >
> > Von meinem Samsung Gerät gesendet.
> >
> >
> > -------- Ursprüngliche Nachricht --------
> > Von: Jan Bernhardt <jbernhardt@talend.com>
> > Datum: 13.03.2015 09:14 (GMT+01:00)
> > An: dev@cxf.apache.org, coheigea@apache.org
> > Betreff: AW: [Fediz] Single Logout Flow at IDP
> >
> > It is not urgent from my point of view.
> >
> > Since the logout behavior will change I think it would be great to have
> this change
> > in 1.2.0 and not in a bug-fix release. But it would also be ok IMHO.
> >
> > Best regards
> > Jan
> >
> > > -----Ursprüngliche Nachricht-----
> > > Von: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> > > Gesendet: Donnerstag, 12. März 2015 17:56
> > > An: dev@cxf.apache.org
> > > Betreff: Re: [Fediz] Single Logout Flow at IDP
> > >
> > > Hi Jan,
> > >
> > > Yeah that makes sense IMO. Perhaps a task for 1.2.1 though or do you
> > > need it for 1.2.0?
> > >
> > > Colm.
> > >
> > > On Thu, Mar 12, 2015 at 4:51 PM, Jan Bernhardt <jbernhardt@talend.com>
> > > wrote:
> > >
> > > > Hi Fediz Developer,
> > > >
> > > > I was wondering about the logout flow at the IDP. Currently we get a
> > > > logout page first with a list of active RPs, then we need to confirm
> > > > to do the actual logout.
> > > >
> > > > The WS-Federation standard describes two actions: wsignout1.0 and
> > > > wsingoutcleanup1.0
> > > >
> > > > Currently we treat both actions alike in Fediz IDP. I would suggest
> > > > to change the logout behavior to only show the confirm dialog if
> > > > wsignout1.0 is called and after confirmation navigating to the
> > > wsingoutcleanup1.0 URL.
> > > > If wsingoutcleanup1.0 is called directly we should not show a
> > > > confirmation dialog but logout directly.
> > > >
> > > > This way we could also better support a federated logout scenario
> > > > with multiple IDPs, without the need to confirm on each IDP
> individually.
> > > >
> > > > WDYT?
> > > >
> > > > Best regards
> > > > Jan
> > > >
> > > >
> > >
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message