On Tue, Aug 6, 2019 at 8:00 AM Darshana Gunawardana <[email protected]>
wrote:

> Hi Malithi,
>
> Here we have focused only on the RP initiated logout.
>
> Once the above is done, we have to do research on what's the best OP
> initiated logout mechanism to choose from. At that point, we will do a
> study and decide what will be the most suitable approach. We can have a
> separate discussion, once we are at that stage. WDYT?
>

+1


>
> Thanks,
>
> On Mon, Aug 5, 2019 at 11:32 PM Malithi Edirisinghe <[email protected]>
> wrote:
>
>> Hi Chamodi,
>>
>> So here,
>>  - are we to follow a defined OIDC logout mechanism, such as front
>> channel or back channel
>>
>>  - did we look at how other IdPs (Google, Auth0, Okta, etc.) support
>> OIDC logout, whether they implement defined OIDC logout mechanisms, or
>> they have proprietary endpoints, etc.
>>
>> Thanks,
>> Malithi
>>
>>
>> On Mon, Aug 5, 2019 at 5:32 PM Chamodi Samarawickrama <[email protected]>
>> wrote:
>>
>>> The federated identity management in the Identity server currently
>>> enables the user to do the authorization via a federated identity provider
>>> and get logged in to the client application. But, when logging out of the said
>>> client application, currently even though the user is getting logged out of
>>> the app, he would still be logged in to the federated identity provider.
>>> [image: OIDC-diagram1 (1).jpeg]
>>> Following the completion of the project, the flow will look like this.
>>> [image: OIDC-diagram1 (2).jpeg]
>>> The project is planned to be carried out in following steps:
>>> 1. Have a logout functionality with a static endpoint
>>> 2. Configuring logout endpoint of federated IDP in management console
>>> 3. Invoking logout endpoint with id token hint
>>>
>>> For the moment, the first step is completed by overriding the
>>> initiateLogoutRequest method of AbstractApplicationAuthenticator class in
>>> the OpenIDConnectAuthenticator (
>>> https://github.com/wso2-extensions/identity-outbound-auth-oidc/blob/master/components/org.wso2.carbon.identity.application.authenticator.oidc/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/OpenIDConnectAuthenticator.java
>>>  ) class
>>> as follows:
>>>
>>>> protected void initiateLogoutRequest(HttpServletRequest request,
>>>> HttpServletResponse response, AuthenticationContext context) throws
>>>> LogoutFailedException {
>>>>     try {
>>>>         // Step 1: redirect to the static logout endpoint of the federated IdP.
>>>>         response.sendRedirect("https://wso2is:9444/oidc/logout");
>>>>     } catch (IOException e) {
>>>>         e.printStackTrace();
>>>>     }
>>>> }
>>>>
>>> The second and third phases are hoped to be carried out in the coming
>>> weeks.
>>>
>>
>>
>> --
>> *Malithi Edirisinghe* | Technical Lead | WSO2 Inc.
>> (m) +94 718176807 | (w) +94 11 214 5345 | (e) [email protected]
>> GET INTEGRATION AGILE
>> Integration Agility for Digitally Driven Business
>>
>
>
> --
> Regards,
>
>
> *Darshana Gunawardana*
> Technical Lead
> WSO2 Inc.; http://wso2.com
>
> *E-mail: [email protected] <[email protected]>*
> *Mobile: +94718566859*
> Lean . Enterprise . Middleware
>


-- 
*Malithi Edirisinghe* | Technical Lead | WSO2 Inc.
(m) +94 718176807 | (w) +94 11 214 5345 | (e) [email protected]
GET INTEGRATION AGILE
Integration Agility for Digitally Driven Business
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
