cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oliver Wulff (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (FEDIZ-20) IDP should maintain authentication state
Date Mon, 01 Oct 2012 18:49:07 GMT

     [ https://issues.apache.org/jira/browse/FEDIZ-20?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Oliver Wulff resolved FEDIZ-20.
-------------------------------

       Resolution: Fixed
    Fix Version/s: 1.0.2
    
> IDP should maintain authentication state
> ----------------------------------------
>
>                 Key: FEDIZ-20
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-20
>             Project: CXF-Fediz
>          Issue Type: Improvement
>          Components: IDP
>    Affects Versions: 1.0.0
>            Reporter: Juan Manuel CABRERA
>            Assignee: Oliver Wulff
>             Fix For: 1.0.2
>
>
> The IDP relies on the browser to cache the end user's credentials (classical way to work
for a HTTP Basic authentication).
> So in the IDP there is no way to kill a end user session without killing the browser.
> The IDP should maintain these credentials (or better : the proof that these credentials
were checked at some point - i.e. a token).
> If for instance this token is stored in the HTTP session, the IDP will then be capable
of removing it from the session, effectively killing the authentication and forcing the end
user to enter again his credentials.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message