I should add that SAML provides a "session index" to the web client when
LOGIN is finished. This index is sent with the logout request along
with the principal name.
The only way I could think of to implement it now is to iterate on all
sessions and compare SAML session info with attributes in each session.
Slow, but it would work. Would be nice to have an Undertow SPI.
Otherwise, I'm going to have to create a Infinispan cache specifically
just to map
On 9/14/2015 11:27 AM, Bill Burke wrote:
I'm running into a problem implementing SAML backchannel logout.
Web
server could receive an on-of-band, non-browser HTTP request to logout
out a specific user and/or session. I would need a way to lookup a
session by Principal and a way to associate and lookup an external key.
SAML doesn't really have any way to push client specific session
information.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com