On Thu, Aug 10, 2017 at 12:11 PM, KasunG Gajasinghe <kas...@wso2.com> wrote:
> Can you list possible customer usecases on why they want to use this?
The main usecases are
1. If user using multiple applications which supports different
authentication protocols on same browser session and user gets logout from
one application, then he will be automatically logged out from all other
applications. For example if user user use SAML based application and OIDC
based Application on same browser session and if he logs out from SAML
based application then automatically he will be logged out from OIDC based
Currently Identity Server supports only for Cross protocol Single Login
2. If user administrator wants to logout from all the applications which
are emerged with Identity Server on same browser session, he can do force
logout from all those applications without regard to authentication
protocols that are supported. For example if any security breaches is
happened and admin user want to logout from all the applications he can
initiate a force logout request for them.
On Thu, Aug 10, 2017 at 11:47 AM, Sugirjan Ragunaathan <sugir...@wso2.com>
> Currently I’m working on a project 'Cross protocol single logout'. WSO2
> Identity Server provides Single LogOut over applications, participating on
> the same session over the same authentication protocol and Single SignOn
> over the different protocols.
> [image: 1.png]
> Design and provide a solution to support cross protocol SLO
> Problem :
> WSO2 Identity Server supports multiple applications which are using
> different authentication protocols. It does not provide cross protocol
> Single Logout. For example, Assume that you are using SAML based
> application and OIDC based application is same browser session. when you
> logout from a SAML based application it will only log you out from other
> SAML applications not from OIDC based application with the same session.
> The proposed solution for this problem is implementing a common event
> handler over different protocols. When a session is terminated because of
> user logout, an event should be published to invoke the ‘SLO Event
> Handler’.So 'SLO Event Handler' notifies all the inbound authenticators and
> the authenticators handle respective logout actions. In order to listen
> the logout event, all the respective authenticators have to be subscribed
> in the ‘SLO event handler’ and have own separate event handlers to trigger
> the logout for their registered applications.
> [image: SolutionArchi.png]
> We would like to have your feedback and suggestions in this regard.
> *R. Sugirjan*
> Software Engineering - Intern | WSO2
> Email: sugir...@wso2.com
> Mobile: +94768489892 <076%20848%209892>
*Kasun Gajasinghe*Associate Technical Lead, WSO2 Inc.
email: kasung AT spamfree wso2.com
phone: +1 650-745-4499 <(650)%20745-4499>, 77 678 0813
Software Engineering - Intern | WSO2
Architecture mailing list