Hi Sugirjan,

First of all, have you confirmed that without having this new mapping we
can't do forced single logout?

If so then what you are suggesting is fine as the first phase.

However, as the next phase I would like to see that the session participants
are centralized in the authentication framework in one place only, instead
of having these kinds of mappings in every inbound component. These mappings
are coming from very old code, which hasn't undergone any changes for a
very long time. It was OK to have them when we had just one or two inbound
protocols and no authentication framework. But now, since we have an
authentication framework, 4 inbound protocols by default, and we can have
more inbound protocols by extending, it is not a very good design anymore.

Regards,
Johann.


On Fri, Nov 24, 2017 at 10:07 AM, Sugirjan Ragunaathan <[email protected]>
wrote:

> Hi,
>
> In the current implementation, we can get session participants from the
> inbound authenticators' side by using session identifiers (SAMLSSOTokenID,
> OPBSTokenId). But there is no way to handle the session participants from
> the Identity framework side. Because of this problem, when a user admin does a
> force logout using the Identity Server dashboard, Single Logout cannot be done.
>
> In order to handle that, we have to have a mapping between Common Auth Id
> and authentication protocol specific session identifiers (SAMLSSOTokenID,
> OPBSTokenID).
>
>
> If we have a mapping like this, when a force logout is done by a user admin,
> the inbound authenticators are able to handle logout for their own session
> participants. So when the logout happens, an event will be initiated and
> sent to all inbound logout listeners in inbound authentication components.
> In that event, CommonAuthId will be sent as a property. So logout
> listeners will get the event and handle it. Listeners can get their own session
> identifier from the CommonAuthId and send a logout request to all the
> participants.
>
>
>
> I created a JIRA[1] for this $subject. I would like to have your feedback
> and suggestions in this regard.
>
> [1] https://wso2.org/jira/browse/IDENTITY-6949
>
> Thank you.
>
> Regards.
> *R. Sugirjan*
> Software Engineering - Intern | WSO2
>
> Email:  [email protected]
> Mobile: +94768489892
> <http://wso2.com/signature>
>



-- 
Thanks & Regards,

*Johann Dilantha Nallathamby*
Senior Lead Solutions Engineer
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+94777776950*
Blog - *http://nallaa.wordpress.com*
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
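
The first-phase flow described in the quoted message, as an added sketch that is not part of the original thread and is not WSO2 Identity Server code: each inbound component keeps its own CommonAuthId-to-session-identifier mapping and a listener that reacts to a forced-logout event carrying the CommonAuthId. Every class, method and identifier value below is hypothetical.

```java
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical names throughout; none of these types are WSO2 Identity Server APIs.
public class ForcedLogoutSketch {

    /** One listener per inbound protocol component. */
    static class InboundLogoutListener {
        private final String protocol;
        // Per-component mapping: CommonAuthId -> protocol-specific session identifier.
        private final Map<String, String> sessionIdByCommonAuthId = new ConcurrentHashMap<>();

        InboundLogoutListener(String protocol) { this.protocol = protocol; }

        // Called by the inbound component when it creates its own session.
        void bind(String commonAuthId, String protocolSessionId) {
            sessionIdByCommonAuthId.put(commonAuthId, protocolSessionId);
        }

        // Resolve this component's session identifier from the CommonAuthId in the event.
        boolean onForcedLogout(String commonAuthId) {
            // Remove the mapping so a terminated session cannot be resolved again.
            String sessionId = sessionIdByCommonAuthId.remove(commonAuthId);
            if (sessionId == null) return false; // no session for this protocol
            System.out.println(protocol + ": send logout requests to participants of " + sessionId);
            return true;
        }
    }

    /** Framework side: publishes the forced-logout event to every registered listener. */
    static class LogoutEventPublisher {
        private final List<InboundLogoutListener> listeners = new ArrayList<>();

        void register(InboundLogoutListener listener) { listeners.add(listener); }

        int publishForcedLogout(String commonAuthId) {
            int handled = 0;
            for (InboundLogoutListener l : listeners) {
                if (l.onForcedLogout(commonAuthId)) handled++;
            }
            return handled;
        }
    }

    public static void main(String[] args) {
        InboundLogoutListener saml = new InboundLogoutListener("samlsso");
        InboundLogoutListener oidc = new InboundLogoutListener("oidc");
        LogoutEventPublisher publisher = new LogoutEventPublisher();
        publisher.register(saml);
        publisher.register(oidc);
        // Constructed sample identifiers.
        saml.bind("common-auth-1", "saml-token-A");
        oidc.bind("common-auth-1", "opbs-token-B");
        System.out.println("handled by: " + publisher.publishForcedLogout("common-auth-1"));
        System.out.println("second attempt: " + publisher.publishForcedLogout("common-auth-1"));
    }
}
```

Note that the mapping lives inside each listener, which is the per-component duplication the reply asks to centralize in a later phase.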
