[undertow-dev] backchannel logout in cluster
Bill Burke
bburke at redhat.com
Tue Sep 15 09:12:59 EDT 2015
On 9/14/2015 6:22 PM, Stuart Douglas wrote:
> I don't think there is much Undertow can do here, because this is clustered it is basically out of Undertow's control.
>
> For a non clustered version you can just maintain your own map using session listeners, however like you say for the clustered version if you want to maintain this sort of map you will need to create an Infinispan cache to handle the mapping.
>
> When you mentioned an Undertow SPI what exactly did you have in mind? Some way to query the session manager based on session attributes?
>
A Hack I thought of was to create an Http Session that is shared by all
requests and machines or clone the existing http session and change the
session id to an SSO session id provided by the IdP. Undertow doesn't
have a way to provide your own session id though when creating sessions.
(Jetty doesn't either, only Tomcat/JBossWeb allow this).
Better extensions to Undertow session manager would be:
* Ability to associate an alias to an http session. i.e. an SSO session ID.
* or the ability to replace the http session id, with a new one. i.e.
after authentication, replace the local http session id, with the SSO
session id
* Additionally, the ability to index http sessions (or session ids) by
principal or principal name.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the undertow-dev
mailing list