Hi Hasintha!

On Tue, Feb 6, 2018 at 11:47 PM, Hasintha Indrajee <[email protected]> wrote:

> According to the analysis, it seems like logout requests from SPs and
> logout requests from IDPs look similar. @Kanapriya, were you able to skim
> through specs and see whether there are differences?
>

Yes, I went through the spec [1] section 4.4 and [2] section 3.7, and it seems both logout requests (SP initiated and FIDP initiated) are the same. I also checked and compared the SAML Logout request in both cases using SAML tracer, where I also couldn't see specific differences.

[1] https://www.oasis-open.org/committees/download.php/35389/sstc-saml-profiles-errata-2.0-wd-06-diff.pdf
[2] https://www.oasis-open.org/committees/download.php/7473/sstc-saml-core-2.0-draft-15-diff.pdf

Thanks,
Kanapriya

> Also on the other hand when we have a look towards our new framework, this
> looks more like an inbound connector because the request is initiated from
> a third party caller. Hence it's more inbound as per our framework. WDYT?
> Also if we are to follow this approach we need to avoid going through
> loops.
>
> On Tue, Feb 6, 2018 at 5:09 PM, Kanapriya Kuleswararajan <
> [email protected]> wrote:
>
>> Hi All,
>>
>> For the POC [1], I have registered a new servlet in
>> identity-outbound-auth-samlsso authenticator and tried out the FIDP initiated
>> logout flow by removing the session id which is associated with the earlier
>> login.
>>
>> Now I have tried to move the POC [1] code to support the new
>> identity framework.
>>
>> Here, we have a concern whether we need to move the code to
>> *identity-inbound-auth-saml* or *identity-outbound-auth-samlsso*.
>>
>> IMO, we need to handle the logout request which is initiated by FIDP
>> inside identity-inbound-auth-saml. Please find the reasons for that:
>>
>>    - Generally, whenever the request comes to IS from an external system,
>>    it will be handled by the inbound flow (identity-inbound-auth-saml).
>>    - I have configured IS with two service providers (Travelocity, Avis)
>>    and tried out the logout flow.
>>    - There I'm able to see the SAML Logout Request which is exactly the same
>>    as the SAML Logout Request which is initiated by FIDP.
>>    - Since both SAML Logout Requests are the same, we can move the code to
>>    identity-inbound-auth-saml.
>>
>> Appreciate your thoughts on this.
>>
>> [1] Federated IdP Initiated Logout
>>
>> Thanks,
>> Kanapriya
>>
>> Kanapriya Kuleswararajan
>> Software Engineer
>> Mobile : - 0774894438
>> Mail : - [email protected]
>> LinkedIn : - https://www.linkedin.com/in/kanapriya-kules-94712685/
>> WSO2, Inc.
>> lean . enterprise . middleware
>>
>
> --
> Hasintha Indrajee
> WSO2, Inc.
> Mobile:+94 771892453
>
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
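
The comparison described in the reply above (SP-initiated versus FIDP-initiated logout requests viewed in SAML tracer) can be repeated programmatically. The following is an added example, not part of the original thread or of WSO2 code: it compares two `LogoutRequest` documents by structure and lists the values that differ. Both XML samples, their hosts and IDs, and the helper names `shape`, `values` and `compare` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples (not captures from the thread); hosts and IDs are made up.
# ElementTree is fine for local test strings; use a hardened parser for untrusted XML.
SP_REQUEST = """<samlp:LogoutRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_sp-0001" Version="2.0" IssueInstant="2018-02-06T11:00:00Z"
    Destination="https://is.example.test/samlsso">
  <saml:Issuer>travelocity.example.test</saml:Issuer>
  <saml:NameID>alice</saml:NameID>
  <samlp:SessionIndex>idx-sp-1</samlp:SessionIndex>
</samlp:LogoutRequest>"""

FIDP_REQUEST = """<samlp:LogoutRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://is.example.test/samlsso" Version="2.0"
    IssueInstant="2018-02-06T11:05:00Z" ID="_idp-0001">
  <saml:Issuer>https://fidp.example.test/idp</saml:Issuer>
  <saml:NameID>alice</saml:NameID>
  <samlp:SessionIndex>idx-idp-1</samlp:SessionIndex>
</samlp:LogoutRequest>"""


def shape(elem):
    """Structure only: tag, sorted attribute names, child shapes (values ignored)."""
    return (elem.tag, tuple(sorted(elem.attrib)), tuple(shape(c) for c in elem))


def values(elem, path=""):
    """Flatten attribute and text values, keyed by a readable path."""
    local = elem.tag.rsplit("}", 1)[-1]  # drop the {namespace} prefix
    here = f"{path}/{local}"
    out = {f"{here}@{k}": v for k, v in elem.attrib.items()}
    if (elem.text or "").strip():
        out[here] = elem.text.strip()
    for child in elem:
        out.update(values(child, here))
    return out


def compare(xml_a, xml_b):
    """Return (same_structure, sorted list of paths whose values differ)."""
    a, b = ET.fromstring(xml_a), ET.fromstring(xml_b)
    va, vb = values(a), values(b)
    differing = sorted(k for k in va.keys() | vb.keys() if va.get(k) != vb.get(k))
    return shape(a) == shape(b), differing
```

With real captures substituted for the two constants, `compare` reports whether the messages share one structure and which fields (for example the `Issuer`) carry different values.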
