On 7/1/2015 7:58 AM, Stan Silvert wrote:
On 6/30/2015 6:31 PM, Bill Burke wrote:
>
> On 6/30/2015 6:26 PM, Bill Burke wrote:
>> Again, you expect this to work? If the "user" is a browser, there is
no
>> way to notify them other than the iframe + javascript trick that is
>> provided by OpenID Connect and provided support for keycloak.js
> Sorry, I mistyped:
>
> Again, *how* do you expect this to work? If the "user" is a browser,
> there is no way to notify them other than the iframe + javascript trick
> that is provided by OpenID Connect and provided support for keycloak.js
>
At this point, I don't care that much about implementation details. I
only care about what we will tell the customer about whether or not we
will implement this feature. Of course, part of the answer might depend
on how cleanly it can be implemented. But the larger question is just
about whether it is something Keycloak should provide.
Is this the kind of feature we ought to implement? I can tell them
"yes", "no", or "maybe". But no matter which one we pick,
I also need a
rationale for the decision.
We need to have backchannel logout happen when the session expiration
thread finds old sessions. Also might be useful to break out the iframe
OpenID trick into a smaller javascript library so that servlet apps can
do it.
http://openid.net/specs/openid-connect-session-1_0.html#ChangeNotification
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com