Hi,

In the current implementation, we can get session participants from the inbound authenticators' side by using session identifiers (SAMLSSOTokenID, OPBSTokenId). But there is no way to handle the session participants from the Identity framework side. Because of this problem, when a user admin does a force logout using the Identity Server dashboard, Single Logout cannot be done.

In order to handle that, we have to have a mapping between the Common Auth Id and the authentication-protocol-specific session identifiers (SAMLSSOTokenID, OPBSTokenID). If we have a mapping like this, when a force logout is done by a user admin, the inbound authenticators are able to handle logout for their own session participants. So when the logout happens, an event will be initiated and sent to all inbound logout listeners in the inbound authentication components. In that event, the CommonAuthId will be sent as a property. So the logout listeners will get the event and handle it. Listeners can get their own session identifier from the CommonAuthId and send a logout request to all the participants.

I created a JIRA [1] for this $subject. I would like to have your feedback and suggestions in this regard.

[1] https://wso2.org/jira/browse/IDENTITY-6949

Thank you.

Regards,
*R. Sugirjan*
Software Engineering - Intern | WSO2
Email: [email protected]
Mobile: +94768489892
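The flow proposed in the message above, as an added Java sketch that is not part of the original post and is not WSO2 Identity Server code. All class, method and field names are hypothetical, the sample sessions are constructed, and a string list stands in for sending the actual protocol logout requests.

```java
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CopyOnWriteArrayList;

// Illustrative sketch only: every type and name here is hypothetical, not a WSO2 class.
public class ForcedLogoutSketch {

    // One implementation per inbound protocol (SAML SSO, OIDC session management, ...)
    interface InboundLogoutListener {
        void onSessionTerminated(String commonAuthId);
    }

    static class ProtocolLogoutListener implements InboundLogoutListener {
        private final String protocol;
        // The proposed mapping: commonAuthId -> protocol session id (SAMLSSOTokenID / OPBSTokenID)
        private final Map<String, String> tokenByCommonAuthId = new ConcurrentHashMap<>();
        private final Map<String, List<String>> participantsByToken = new ConcurrentHashMap<>();
        final List<String> sent = new CopyOnWriteArrayList<>();

        ProtocolLogoutListener(String protocol) { this.protocol = protocol; }

        // Called at login time, when a participant joins the protocol session
        void register(String commonAuthId, String token, String participant) {
            tokenByCommonAuthId.put(commonAuthId, token);
            participantsByToken.computeIfAbsent(token, k -> new CopyOnWriteArrayList<>()).add(participant);
        }

        @Override
        public void onSessionTerminated(String commonAuthId) {
            // remove() rather than get(): a repeated event must not trigger a second logout round
            String token = tokenByCommonAuthId.remove(commonAuthId);
            if (token == null) return;              // this protocol holds no session for that login
            List<String> participants = participantsByToken.remove(token);
            if (participants == null) return;
            for (String p : participants) {         // stand-in for sending the real logout request
                sent.add(protocol + " logout -> " + p + " [" + token + "]");
            }
        }
    }

    public static void main(String[] args) {
        ProtocolLogoutListener saml = new ProtocolLogoutListener("SAML");
        ProtocolLogoutListener oidc = new ProtocolLogoutListener("OIDC");
        // Constructed sample sessions; commonauth-2 is a different login and must stay untouched
        saml.register("commonauth-1", "saml-token-A", "https://sp1.example/slo");
        saml.register("commonauth-1", "saml-token-A", "https://sp2.example/slo");
        oidc.register("commonauth-1", "opbs-token-B", "https://rp1.example/logout");
        oidc.register("commonauth-2", "opbs-token-C", "https://rp2.example/logout");

        // Admin force logout: the framework publishes one event carrying only the commonAuthId
        for (InboundLogoutListener l : List.of(saml, oidc)) l.onSessionTerminated("commonauth-1");
        saml.sent.forEach(System.out::println);
        oidc.sent.forEach(System.out::println);
    }
}
```

Running it prints logout requests for the two SAML participants and the one OIDC participant of `commonauth-1`, while the session registered under `commonauth-2` receives nothing.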
