On 10/2/2015 6:08 AM, Michael Gerber wrote:
Let’s summarize it up:
1. Add a logout cookie after successful logout with the identity token
of the user
2. Skip all authenticators with the automaticLogin flag if a logout
cookie exists and show instead the “is this you” page
3 If the user press, “yes this is me” than the login is succeeded,
otherwise the next authenticator will be displayed.
If everyone agrees with this workflow, than I’m going to create a PR for
that, if thats ok?
I do not agree with this approach. See my previous email.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com