[keycloak-dev] backchannel logout for SAML SP

I'm running into a problem implementing backchannel logout for our new SAML SP. SAML has no way of transmitting client specific session information that I can tell. So, I need some way of associating an auth-server specific session index and the Principal so that I can look up an Http Session and invalidate it based on one of those parameters. We're gonna have the same exact problems when we implement the OIDC equivalent specifics (these are new BTW). I'm thinking of writing a simple Infinispan cache that associates principals/session-indexes to http session ids and have it reusable between SAML and OIDC adapters. -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com