I'm running into a problem implementing SAML backchannel logout. Web
server could receive an on-of-band, non-browser HTTP request to logout
out a specific user and/or session. I would need a way to lookup a
session by Principal and a way to associate and lookup an external key.
SAML doesn't really have any way to push client specific session
information.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com