Posted to issues@cxf.apache.org by "Marc Giger (JIRA)" <ji...@apache.org> on 2013/12/19 14:56:08 UTC
[jira] [Commented] (FEDIZ-19) Single Sign Out
[ https://issues.apache.org/jira/browse/FEDIZ-19?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13852903#comment-13852903 ]
Marc Giger commented on FEDIZ-19:
---------------------------------
Attached a patch that implements signout / cleanup for fediz.
What it provides:
When browsing to the logout-url (configurable) on the RP, the session is invalidated
and the client is redirected to the idp with the signout action parameter. Then the user
will be presented with a confirmation-page (direct logout configurable). If the user clicks
on the confirm button, then the logout page is presented that triggers cleanup actions
on all logged in RPs via embedded <img src="url to rp ?wa=wsignoutcleanup1.0">
on the logout page. (Parallel signout/cleanup approach).
What's missing:
- signout / cleanup delegation to trusted IDPs.
- redirection back to RP after logout
- direct logout url on the IDP (ATM only possible to log out on the IDP via action wa=wsignout1.0)
- more?
Apply the patch and then copy the attached logout.jpg to
plugins/jetty/src/main/resources/logout.jpg
plugins/spring/src/main/resources/logout.jpg
plugins/tomcat/src/main/resources/logout.jpg
(maybe the images should go to the core and be configurable?)
and the clientUntrusted.jks to
systests/tomcat7/src/test/resources/clientUntrusted.jks
The clientUntrusted.jks is not required for signout but just used for an additional testcase.
Note the patch also contains test refactoring to htmlunit so that it can be
tested a little more easily.
> Single Sign Out
> ---------------
>
> Key: FEDIZ-19
> URL: https://issues.apache.org/jira/browse/FEDIZ-19
> Project: CXF-Fediz
> Issue Type: New Feature
> Components: IDP
> Reporter: Romain Manni-Bucau
> Attachments: clientUntrusted.jks, logout.jpg, signout.patch
>
>
> The goal is to invalidate all sessions of "related" webapps with a single action (button).
--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
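
The parallel cleanup step described in the comment above, as an added example (not taken from signout.patch or from Fediz): it renders a logout page with one `<img>` per RP, assuming the IdP holds a list of the RP URLs the user signed in to. The class and method names and the sample URLs are hypothetical; skipping unparsable or non-http(s) URLs and HTML-escaping the `src` value are choices of this example.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.List;

public class SignoutCleanupPage {
    // Cleanup action parameter quoted in the comment above.
    static final String CLEANUP = "wa=wsignoutcleanup1.0";

    // Returns the cleanup URL for one RP, or null if it must not be embedded.
    static String cleanupUrl(String rpUrl) {
        URI u;
        try {
            u = new URI(rpUrl); // rejects raw quotes, angle brackets, spaces
        } catch (URISyntaxException e) {
            return null;
        }
        String scheme = u.getScheme();
        // Absolute http(s) only: drops javascript:, data: and relative values.
        if (scheme == null || u.getHost() == null
                || !(scheme.equalsIgnoreCase("https") || scheme.equalsIgnoreCase("http"))) {
            return null;
        }
        String query = u.getRawQuery() == null ? CLEANUP : u.getRawQuery() + "&" + CLEANUP;
        // The fragment is dropped; a browser would not send it to the RP anyway.
        return scheme + "://" + u.getRawAuthority() + u.getRawPath() + "?" + query;
    }
    // Escapes a value for use inside a double-quoted HTML attribute.
    static String escapeAttr(String s) {
        return s.replace("&", "&amp;").replace("\"", "&quot;")
                .replace("'", "&#39;").replace("<", "&lt;").replace(">", "&gt;");
    }
    // Logout page: one image per RP triggers that RP's cleanup in parallel.
    static String render(List<String> rpUrls) {
        StringBuilder html = new StringBuilder("<html><body><p>Signed out.</p>\n");
        for (String rp : rpUrls) {
            String url = cleanupUrl(rp);
            if (url != null) {
                html.append("<img src=\"").append(escapeAttr(url)).append("\" alt=\"\"/>\n");
            }
        }
        return html.append("</body></html>").toString();
    }
    public static void main(String[] args) {
        // Constructed sample input: two valid RPs and two values that must be skipped.
        System.out.println(render(Arrays.asList(
                "https://rp1.example.test/app/secure", "https://rp2.example.test/app?lang=en#top",
                "javascript:alert(1)", "https://rp3.example.test/\"><b>")));
    }
}
```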