Hi Fediz Developer, I was wondering about the logout flow at the IDP. Currently we get a logout page first with a list of active RPs, then we need to confirm to do the actual logout.
The WS-Federation standard describes two actions: wsignout1.0 and wsingoutcleanup1.0 Currently we treat both actions alike in Fediz IDP. I would suggest to change the logout behavior to only show the confirm dialog if wsignout1.0 is called and after confirmation navigating to the wsingoutcleanup1.0 URL. If wsingoutcleanup1.0 is called directly we should not show a confirmation dialog but logout directly. This way we could also better support a federated logout scenario with multiple IDPs, without the need to confirm on each IDP individually. WDYT? Best regards Jan
