Re: [undertow-dev] backchannel logout in cluster

From: "Bill Burke" <bburke(a)redhat.com&gt; To: "Stuart Douglas" <sdouglas(a)redhat.com&gt; Cc: undertow-dev(a)lists.jboss.org Sent: Tuesday, 15 September, 2015 11:12:59 PM Subject: Re: [undertow-dev] backchannel logout in cluster On 9/14/2015 6:22 PM, Stuart Douglas wrote: > I don't think there is much Undertow can do here, because this is clustered > it is basically out of Undertow's control. > > For a non clustered version you can just maintain your own map using > session listeners, however like you say for the clustered version if you > want to maintain this sort of map you will need to create an Infinispan > cache to handle the mapping. > > When you mentioned an Undertow SPI what exactly did you have in mind? Some > way to query the session manager based on session attributes? > A Hack I thought of was to create an Http Session that is shared by all requests and machines or clone the existing http session and change the session id to an SSO session id provided by the IdP. Undertow doesn't have a way to provide your own session id though when creating sessions. (Jetty doesn't either, only Tomcat/JBossWeb allow this).

Better extensions to Undertow session manager would be: * Ability to associate an alias to an http session. i.e. an SSO session ID. * or the ability to replace the http session id, with a new one. i.e. after authentication, replace the local http session id, with the SSO session id

* Additionally, the ability to index http sessions (or session ids) by principal or principal name.

-- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com