You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Oliver Wulff (JIRA)" <ji...@apache.org> on 2012/10/01 09:57:07 UTC

[jira] [Assigned] (FEDIZ-20) IDP should maintain authentication state

     [ https://issues.apache.org/jira/browse/FEDIZ-20?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oliver Wulff reassigned FEDIZ-20:
---------------------------------

    Assignee: Oliver Wulff
    
> IDP should maintain authentication state
> ----------------------------------------
>
>                 Key: FEDIZ-20
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-20
>             Project: CXF-Fediz
>          Issue Type: Improvement
>          Components: IDP
>    Affects Versions: 1.0.0
>            Reporter: Juan Manuel CABRERA
>            Assignee: Oliver Wulff
>
> The IDP relies on the browser to cache the end user's credentials (classical way to work for a HTTP Basic authentication).
> So in the IDP there is no way to kill a end user session without killing the browser.
> The IDP should maintain these credentials (or better : the proof that these credentials were checked at some point - i.e. a token).
> If for instance this token is stored in the HTTP session, the IDP will then be capable of removing it from the session, effectively killing the authentication and forcing the end user to enter again his credentials.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira