[keycloak-dev] backchannel logout for SAML SP

Bill Burke bburke at redhat.com
Mon Sep 14 11:52:32 EDT 2015


I'm running into a problem implementing backchannel logout for our new 
SAML SP.  SAML has no way of transmitting client-specific session 
information that I can tell.  So, I need some way of associating an 
auth-server-specific session index and the Principal so that I can look 
up an Http Session and invalidate it based on one of those parameters.

We're gonna have the same exact problems when we implement the OIDC 
equivalent specifics (these are new BTW).

I'm thinking of writing a simple Infinispan cache that associates 
principals/session-indexes to http session ids and have it reusable 
between SAML and OIDC adapters.




-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
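
The mapping described in the post above, as an added example that is not part of the original message and is not Keycloak's code: it ties a session index and a principal to HTTP session ids so a backchannel logout can find the sessions to invalidate. A plain ConcurrentHashMap stands in for the Infinispan cache, and the class name, method names and sample values are hypothetical.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
// Hypothetical adapter-side helper; in-memory maps stand in for the proposed shared cache.
public class SessionIdMapper {
    private final Map<String, String> indexToSession = new ConcurrentHashMap<>();
    private final Map<String, String> sessionToIndex = new ConcurrentHashMap<>();
    private final Map<String, String> sessionToPrincipal = new ConcurrentHashMap<>();
    private final Map<String, Set<String>> principalToSessions = new ConcurrentHashMap<>();

    // Record the association after login, once the HTTP session exists (all arguments non-null).
    public void map(String sessionIndex, String principal, String httpSessionId) {
        indexToSession.put(sessionIndex, httpSessionId);
        sessionToIndex.put(httpSessionId, sessionIndex);
        sessionToPrincipal.put(httpSessionId, principal);
        principalToSessions.computeIfAbsent(principal, p -> ConcurrentHashMap.newKeySet())
                           .add(httpSessionId);
    }

    // Logout keyed by session index: returns the one HTTP session id to invalidate, or null.
    public String removeBySessionIndex(String sessionIndex) {
        String id = indexToSession.get(sessionIndex);
        if (id != null) remove(id);
        return id;
    }

    // Logout keyed by principal only: returns every HTTP session id held by that principal.
    public Set<String> removeByPrincipal(String principal) {
        Set<String> ids = Set.copyOf(principalToSessions.getOrDefault(principal, Set.of()));
        ids.forEach(this::remove);
        return ids;
    }

    // Also call this from HttpSessionListener.sessionDestroyed so expired sessions
    // do not leave stale entries that a later logout would resolve to a dead id.
    public void remove(String httpSessionId) {
        String index = sessionToIndex.remove(httpSessionId);
        if (index != null) indexToSession.remove(index);
        String principal = sessionToPrincipal.remove(httpSessionId);
        if (principal != null) principalToSessions.computeIfPresent(principal,
                (p, s) -> { s.remove(httpSessionId); return s.isEmpty() ? null : s; });
    }
    public static void main(String[] args) {
        SessionIdMapper m = new SessionIdMapper();
        m.map("idx-1", "alice", "http-A");   // constructed sample values
        m.map("idx-2", "alice", "http-B");
        System.out.println(m.removeBySessionIndex("idx-1"));
        System.out.println(m.removeByPrincipal("alice"));
    }
}
```

The caller still has to look up each returned id in the container's session manager and invalidate it; the mapper only resolves which sessions a logout request refers to.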

