On Mon, Jan 15, 2018 at 2:39 PM, Rasika Perera <[email protected]> wrote:
> Hi Dimuthu,
>
> Recently, we did a similar setup, which involves a Federated IDP of OIDC.
> All internal apps configured with SAML SSO. Login flow worked smoothly with
> oidc authenticator; however external apps initiated logout (inbound logout
> requests from OIDC-to-SAML) and internal apps initiated logout (outbound
> logout requests SAML-to-OIDC) were not supported.
>

This is not similar to what Dimuthu has mentioned. It uses SAML2 SSO to communicate between WSO2IS & federated IDP. Are we going to support both protocols (OIDC & SAML2 SSO logout)?

Thanks,
Asela.

>
> [image: Inline image 1]
>
> @Darshana
> I believe we can re-use this session management capability for our use
> case as well. Then we can reduce the effort duplication. WDYT?
>
> Best Regards,
> ~Rasika
>
> On Mon, Jan 15, 2018 at 1:46 PM, Dimuthu Leelarathne <[email protected]>
> wrote:
>
>> On Mon, Jan 15, 2018 at 1:32 PM, Dimuthu Leelarathne <[email protected]>
>> wrote:
>>
>>> Hi All,
>>>
>>> Please consider the below scenario.
>>>
>>> When the Federated IdP sends the logout request we have to log out the
>>> user from the WSO2IS. The proposed POC is as follows.
>>>
>>> - 1 & 4 are OAuth flows
>>> - 2 & 3 are SAML flows
>>>
>>> Participants of the discussion: Malithi, Thanuja and Dimuthu
>>>
>>> For the POC we will do the following.
>>>
>>> a) - At number 4 in the diagram, i.e. at the conclusion flow, we
>>> implement a listener that would record the SAML session Index vs. session
>>> Id in an appropriate data structure (for the POC it is a map). This handler
>>> will be in the out-bound SAML component.
>>>
>>> b) - At number 5 in the diagram, i.e. when the logout request is
>>> received, we wrap the request and response and send over to our
>>> common-auth servlet. Here before invoking the common-auth servlet, we
>>> will retrieve session Id from the map (using the SAML Session Index) and
>>> set it in the wrapper object.
>>>
>>> @Thanuja and Malithi: Please add anything that I have missed. And also
>>> appreciate code snippets for above (a) and (b).
>>>
>>> After the POC implementation, we will have another review.
>>>
>>> thank you,
>>> Dimuthu
>>>
>>> --
>>> Dimuthu Leelarathne
>>> Director, Solutions Architecture
>>>
>>> WSO2, Inc. (http://wso2.com)
>>> email: [email protected]
>>> Mobile: +94773661935
>>> Blog: http://muthulee.blogspot.com
>>>
>>> Lean . Enterprise . Middleware
>>>
>>
>> _______________________________________________
>> Architecture mailing list
>> [email protected]
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>
> --
> With Regards,
>
> *Rasika Perera*
> Senior Software Engineer
> LinkedIn: http://lk.linkedin.com/in/rasika90
>
> WSO2 Inc. www.wso2.com
> lean.enterprise.middleware
>

--
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
+358 449 228 979

http://soasecurity.org/
http://xacmlinfo.org/
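Added example, not part of the thread and not WSO2 Identity Server code: a sketch of the SAML SessionIndex to session Id map from steps (a) and (b) of the quoted proposal, showing the cases a federated logout handler has to get right (unknown index, replayed request, stale entry). The class and method names and the sample values are hypothetical, and validation of the LogoutRequest signature and issuer is assumed to happen before the lookup.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper for steps (a) and (b); names are not taken from WSO2 IS.
public class SessionIndexRegistry {
    private record Entry(String sessionId, Instant expiresAt) {}

    private final ConcurrentHashMap<String, Entry> bySessionIndex = new ConcurrentHashMap<>();
    private final Duration ttl;

    public SessionIndexRegistry(Duration ttl) { this.ttl = ttl; }

    // Step (a): called by the listener once the federated SAML login has concluded.
    public void register(String samlSessionIndex, String sessionId, Instant now) {
        if (samlSessionIndex == null || samlSessionIndex.isBlank() || sessionId == null) {
            throw new IllegalArgumentException("SessionIndex and session Id are required");
        }
        bySessionIndex.put(samlSessionIndex, new Entry(sessionId, now.plus(ttl)));
    }

    // Step (b): called only after the LogoutRequest signature and issuer have been
    // validated (assumed to happen upstream). The entry is removed atomically, so a
    // replayed LogoutRequest resolves to nothing instead of to some other session.
    public Optional<String> resolveForLogout(String samlSessionIndex, Instant now) {
        if (samlSessionIndex == null) return Optional.empty();
        Entry e = bySessionIndex.remove(samlSessionIndex);
        if (e == null || now.isAfter(e.expiresAt())) return Optional.empty();
        return Optional.of(e.sessionId());
    }

    // Bounds the map when the federated IdP never sends a logout for a session.
    public int purgeExpired(Instant now) {
        int before = bySessionIndex.size();
        bySessionIndex.values().removeIf(e -> now.isAfter(e.expiresAt()));
        return before - bySessionIndex.size();
    }

    public static void main(String[] args) {
        SessionIndexRegistry reg = new SessionIndexRegistry(Duration.ofHours(8));
        Instant t0 = Instant.parse("2018-01-15T08:00:00Z"); // constructed sample values
        reg.register("_idx-a1", "sess-111", t0);
        reg.register("_idx-b2", "sess-222", t0);
        System.out.println(reg.resolveForLogout("_idx-a1", t0.plusSeconds(60))); // known index
        System.out.println(reg.resolveForLogout("_idx-a1", t0.plusSeconds(61))); // replayed request
        System.out.println(reg.resolveForLogout("_idx-zz", t0.plusSeconds(62))); // unknown index
        System.out.println(reg.purgeExpired(t0.plus(Duration.ofHours(9))));      // stale entry
    }
}
```

An empty `Optional` should end the logout handling with an error response; the wrapper passed to the common-auth servlet is only built when a session Id was actually resolved.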
