Posted to issues@cxf.apache.org by "Marc Giger (JIRA)" <ji...@apache.org> on 2013/12/19 14:56:08 UTC

[jira] [Commented] (FEDIZ-19) Single Sign Out

    [ https://issues.apache.org/jira/browse/FEDIZ-19?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13852903#comment-13852903 ] 

Marc Giger commented on FEDIZ-19:
---------------------------------

Attached a patch that implements signout / cleanup for fediz.

What it provides:
When browsing to the logout URL (configurable) on the RP, the session is invalidated
and the client is redirected to the IdP with the signout action parameter. The user
is then presented with a confirmation page (direct logout configurable). If the user clicks
the confirm button, the logout page is presented, which triggers cleanup actions
on all logged-in RPs via embedded <img src="url to rp ?wa=wsignoutcleanup1.0">
on the logout page (parallel signout/cleanup approach).

What's missing:
- signout / cleanup delegation to trusted IdPs.
- redirection back to RP after logout
- direct logout URL on the IdP (ATM only possible to log out on the IdP via action wa=wsignout1.0)
- more?

Apply the patch and then copy the attached logout.jpg to

plugins/jetty/src/main/resources/logout.jpg
plugins/spring/src/main/resources/logout.jpg
plugins/tomcat/src/main/resources/logout.jpg

(maybe the images should go to the core and be configurable?)

and the clientUntrusted.jks to 
systests/tomcat7/src/test/resources/clientUntrusted.jks

The clientUntrusted.jks is not required for signout but just used for an additional testcase.
Note the patch also contains test refactoring to htmlunit so that it can be
tested a little more easily.

> Single Sign Out
> ---------------
>
>                 Key: FEDIZ-19
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-19
>             Project: CXF-Fediz
>          Issue Type: New Feature
>          Components: IDP
>            Reporter: Romain Manni-Bucau
>         Attachments: clientUntrusted.jks, logout.jpg, signout.patch
>
>
> The goal is to invalidate all sessions of "related" webapps with a single action (button).



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
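
The parallel signout/cleanup flow described in the comment above, as an added sketch that is not taken from signout.patch or from Fediz. All function names, the in-memory session dict and the URLs passed in are assumptions; only the `wa` action values come from the comment. It shows the two points an implementer has to get right: RP URLs written into the logout page are validated and HTML-escaped, and the RP only drops its session for the cleanup action.

```python
from html import escape
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

SIGNOUT = "wsignout1.0"          # RP -> IdP: start sign-out
CLEANUP = "wsignoutcleanup1.0"   # IdP logout page -> each RP: drop local session


def with_action(url, action):
    """Return url with wa=<action> set, keeping any other query parameters."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("not an absolute http(s) URL: %r" % url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != "wa"]
    query.append(("wa", action))
    return urlunsplit(parts._replace(query=urlencode(query)))


def rp_logout(sessions, session_id, idp_url):
    """RP logout URL: invalidate the local session, then redirect to the IdP."""
    sessions.pop(session_id, None)
    return 302, {"Location": with_action(idp_url, SIGNOUT)}


def idp_logout_page(rp_urls):
    """IdP logout page: one <img> per logged-in RP triggers that RP's cleanup."""
    imgs = ['<img src="%s" alt="">' % escape(with_action(u, CLEANUP), quote=True)
            for u in rp_urls]
    return "<html><body><p>Signed out.</p>\n%s\n</body></html>" % "\n".join(imgs)


def rp_cleanup(sessions, session_id, query_string):
    """RP side of the <img> request: drop the session only for the cleanup action."""
    if dict(parse_qsl(query_string)).get("wa") != CLEANUP:
        return 400, {}
    sessions.pop(session_id, None)
    # The browser renders the response as an image; it must not be cached,
    # otherwise a later sign-out would never reach the RP.
    return 200, {"Content-Type": "image/jpeg", "Cache-Control": "no-store"}
```
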