I've implemented this along the lines of Jan's suggestion for 1.2.0: a) wsignout1.0 -> Prompts for confirmation by default. Confirmation can be disabled by the IdP property "rpSingleSignOutConfirmation". b) wsingoutcleanup1.0 -> Does not prompt for confirmation by default. Confirmation can be enabled by the IdP property "rpSingleSignOutCleanupConfirmation".
Colm. On Thu, Mar 19, 2015 at 12:13 PM, Jan Bernhardt <[email protected]> wrote: > Hi Oli, > > I would prefer to avoid a configuration setting for this issue. I don't > want to confuse users with too many configuration options. WDYT? > > Kind regards > Jan > > Jan Bernhardt, M.Sc. > PROFESSIONAL SERVICES CONSULTANT > [email protected] | www.talend.com > Talend Germany GmbH | Servatiusstrasse 53 - 53175 Bonn - Germany > > Visit my blog at https://janbernhardt.blogspot.de > > > -----Ursprüngliche Nachricht----- > > Von: Oliver Wulff [mailto:[email protected]] > > Gesendet: Montag, 16. März 2015 08:23 > > An: [email protected]; [email protected] > > Betreff: AW: [Fediz] Single Logout Flow at IDP > > > > Hi Jan > > What do you think about making this configurable for both cases? > > In this release we can also change the DB schema quite easily. > > Thanks > > Oli > > > > > > > > Von meinem Samsung Gerät gesendet. > > > > > > -------- Ursprüngliche Nachricht -------- > > Von: Jan Bernhardt <[email protected]> > > Datum: 13.03.2015 09:14 (GMT+01:00) > > An: [email protected], [email protected] > > Betreff: AW: [Fediz] Single Logout Flow at IDP > > > > It is not urgent from my point of view. > > > > Since the logout behavior will change I think it would be great to have > this change > > in 1.2.0 and not in a bug-fix release. But it would also be ok IMHO. > > > > Best regards > > Jan > > > > > -----Ursprüngliche Nachricht----- > > > Von: Colm O hEigeartaigh [mailto:[email protected]] > > > Gesendet: Donnerstag, 12. März 2015 17:56 > > > An: [email protected] > > > Betreff: Re: [Fediz] Single Logout Flow at IDP > > > > > > Hi Jan, > > > > > > Yeah that makes sense IMO. Perhaps a task for 1.2.1 though or do you > > > need it for 1.2.0? > > > > > > Colm. > > > > > > On Thu, Mar 12, 2015 at 4:51 PM, Jan Bernhardt <[email protected]> > > > wrote: > > > > > > > Hi Fediz Developer, > > > > > > > > I was wondering about the logout flow at the IDP. Currently we get a > > > > logout page first with a list of active RPs, then we need to confirm > > > > to do the actual logout. > > > > > > > > The WS-Federation standard describes two actions: wsignout1.0 and > > > > wsingoutcleanup1.0 > > > > > > > > Currently we treat both actions alike in Fediz IDP. I would suggest > > > > to change the logout behavior to only show the confirm dialog if > > > > wsignout1.0 is called and after confirmation navigating to the > > > wsingoutcleanup1.0 URL. > > > > If wsingoutcleanup1.0 is called directly we should not show a > > > > confirmation dialog but logout directly. > > > > > > > > This way we could also better support a federated logout scenario > > > > with multiple IDPs, without the need to confirm on each IDP > individually. > > > > > > > > WDYT? > > > > > > > > Best regards > > > > Jan > > > > > > > > > > > > > > > > > -- > > > Colm O hEigeartaigh > > > > > > Talend Community Coder > > > http://coders.talend.com > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
