[undertow-dev] backchannel logout in cluster

[Stuart Douglas]

I don't think there is much Undertow can do here, because this is clustered it is basically out of Undertow's control.

For a non clustered version you can just maintain your own map using session listeners, however like you say for the clustered version if you want to maintain this sort of map you will need to create an Infinispan cache to handle the mapping. 

When you mentioned an Undertow SPI what exactly did you have in mind? Some way to query the session manager based on session attributes?

Stuart


----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: undertow-dev at lists.jboss.org
> Sent: Tuesday, 15 September, 2015 1:44:22 AM
> Subject: Re: [undertow-dev] backchannel logout in cluster
> 
> I should add that SAML provides a "session index" to the web client when
> LOGIN is finished.  This index is sent with the logout request along
> with the principal name.
> 
> The only way I could think of to implement it now is to iterate on all
> sessions and compare SAML session info with attributes in each session.
>   Slow, but it would work.  Would be nice to have an Undertow SPI.
> Otherwise, I'm going to have to create a Infinispan cache specifically
> just to map
> 
> On 9/14/2015 11:27 AM, Bill Burke wrote:
> > I'm running into a problem implementing SAML backchannel logout.  Web
> > server could receive an on-of-band, non-browser HTTP request to logout
> > out a specific user and/or session.  I would need a way to lookup a
> > session by Principal and a way to associate and lookup an external key.
> >    SAML doesn't really have any way to push client specific session
> > information.
> >
> >
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> undertow-dev mailing list
> undertow-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/undertow-dev
>