[security-dev] SP-initiated Single Log Out
Adam Dong
adamdong at vidder.com
Thu Dec 4 13:46:43 EST 2014
Pedro,
Thanks a lot for the reply. I should have mentioned I need to use front channel. A follow-up question: After I send ?GLO=true to my SP from a browser, ServiceProviderAuthenticator code would need to know IDP's SLO url to send SLO request, how to configure that (i.e., to let ServiceProviderAuthenticator to know IDP SLO url) ?
Thanks,
Adam
-----Original Message-----
From: Pedro Igor Silva [mailto:psilva at redhat.com]
Sent: Wednesday, December 03, 2014 5:03 PM
To: Adam Dong
Cc: security-dev at lists.jboss.org
Subject: Re: [security-dev] SP-initiated Single Log Out
Using front-channel SLO you need browser redirects. So you must send ?GLO=true to your SP from a browser.
But, if you are using back-channel SLO, I think you can invoke the IdP once with a ?GLO=true (using some http library) and it will invoke each SP to invalidate the session for the user. In this case, you need to pass the JSESSIONID from IdP, so it can restore user session and know the participants (SPs).
There is no API for that.
----- Original Message -----
From: "Adam Dong" <adamdong at vidder.com>
To: security-dev at lists.jboss.org
Sent: Wednesday, December 3, 2014 10:26:37 PM
Subject: [security-dev] SP-initiated Single Log Out
Hi,
If I'd like to, from SP-side. initiate the SLO (single log out) programmatically (suppose it is the code behind a GUI "Logout" button), how to do that (which class and which method to call) ?
Thanks,
Adam
_______________________________________________
security-dev mailing list
security-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/security-dev
More information about the security-dev
mailing list