Currently I’m working on a project, 'Cross protocol single logout'. WSO2
Identity Server provides Single Logout across applications participating in
the same session over the same authentication protocol, and Single Sign-On
across different protocols.

[image: 1.png]


Design and provide a solution to support cross protocol SLO

Problem:

WSO2 Identity Server supports multiple applications which use
different authentication protocols. It does not provide cross protocol
Single Logout. For example, assume that you are using a SAML-based
application and an OIDC-based application in the same browser session. When you
log out from a SAML-based application, it will only log you out from other
SAML applications, not from the OIDC-based application with the same session.


The proposed solution for this problem is implementing a common event
handler over different protocols. When a session is terminated because of
user logout, an event should be published to invoke the ‘SLO Event
Handler’. The 'SLO Event Handler' then notifies all the inbound authenticators, and
the authenticators handle their respective logout actions. In order to listen for the
logout event, all the respective authenticators have to be subscribed to
the ‘SLO Event Handler’ and have their own separate event handlers to trigger the
logout for their registered applications.

[image: SolutionArchi.png]

We would like to have your feedback and suggestions in this regard.


*R. Sugirjan*
Software Engineering - Intern | WSO2

Email:  sugir...@wso2.com
Mobile: +94768489892
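
The fan-out design proposed above, as an added sketch that is not part of the original post and is not WSO2 Identity Server code. The names `SloEventHandler`, `ProtocolLogoutHandler` and `Participant` are hypothetical, the application ids are constructed, and skipping the initiating application is an assumption.

```java
import java.util.*;

public class CrossProtocolSlo {
    record Participant(String protocol, String appId) {}   // one application in a session

    interface ProtocolLogoutHandler {                       // one per inbound authenticator
        String protocol();
        void logout(String sessionId, List<Participant> apps);
    }

    static class SloEventHandler {                          // the common 'SLO Event Handler'
        private final Map<String, ProtocolLogoutHandler> subscribers = new LinkedHashMap<>();
        private final Map<String, List<Participant>> sessions = new HashMap<>();

        void subscribe(ProtocolLogoutHandler h) { subscribers.put(h.protocol(), h); }
        void register(String sid, Participant p) {
            sessions.computeIfAbsent(sid, k -> new ArrayList<>()).add(p);
        }

        // Returns the protocols whose handler failed, so the caller can log or retry them.
        List<String> onSessionTerminated(String sessionId, Participant initiator) {
            List<String> failed = new ArrayList<>();
            // Remove the session first so a repeated logout event is a no-op.
            List<Participant> apps = sessions.remove(sessionId);
            if (apps == null) return failed;
            for (ProtocolLogoutHandler h : subscribers.values()) {
                // Each handler only sees its own protocol's apps, minus the initiator (assumption).
                List<Participant> mine = apps.stream()
                    .filter(p -> p.protocol().equals(h.protocol()) && !p.equals(initiator))
                    .toList();
                if (mine.isEmpty()) continue;
                try { h.logout(sessionId, mine); }
                catch (RuntimeException e) { failed.add(h.protocol()); } // do not block other protocols
            }
            return failed;
        }
    }

    public static void main(String[] args) {
        SloEventHandler slo = new SloEventHandler();
        for (String proto : List.of("SAML", "OIDC")) {
            slo.subscribe(new ProtocolLogoutHandler() {
                public String protocol() { return proto; }
                public void logout(String sid, List<Participant> apps) {
                    System.out.println(proto + " handler, session " + sid + ": " + apps);
                }
            });
        }
        Participant initiator = new Participant("SAML", "saml-app-1"); // constructed sample apps
        slo.register("sess-1", initiator);
        slo.register("sess-1", new Participant("SAML", "saml-app-2"));
        slo.register("sess-1", new Participant("OIDC", "oidc-app-1"));
        System.out.println("failed: " + slo.onSessionTerminated("sess-1", initiator));
    }
}
```

Returning the failed protocols instead of throwing lets the session be reported as only partially terminated when one protocol's back-channel call fails, which is the case an operator needs to see.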