On Thu, Sep 15, 2011 at 10:13 AM, Marvin Addison <marvin.addi...@gmail.com> wrote: >> and also note, that the SAML2 spec defines a front-channel SLO profile >> similar to the way you've implemented it. > > Can you cite a reference? This sounds very interesting.
http://saml.xml.org/saml-specifications 4.4 Single Logout Profile The profile allows the protocol to be combined with a synchronous binding, such as the SOAP binding, or with asynchronous "front-channel" bindings, such as the HTTP Redirect, POST, or Artifact bindings. A front-channel binding may be required, for example, in cases in which a principal's session state exists solely in a user agent in the form of a cookie and a direct interaction between the user agent and the session participant or session authority is required. As will be discussed below, session participants should if possible use a "front-channel" binding when initiating this profile to maximize the likelihood that the session authority can propagate the logout successfully to all participants." Bill > > M > > -- > You are currently subscribed to cas-dev@lists.jasig.org as: wgt...@gmail.com > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
