Sergey Beryozkin created FEDIZ-207:
--------------------------------------
Summary: FedizPrincipal interface needs to have getId() method
Key: FEDIZ-207
URL: https://issues.apache.org/jira/browse/FEDIZ-207
Project: CXF-Fediz
Issue Type: Improvement
Components: IDP, Plugin
Reporter: Sergey Beryozkin
OIDC IDToken generates a random IdToken SubjectId value when it converts the
values found in the FedizPrincipal's SAML token. The problem is that every time
the user comes in, a new subjectId is generated for the id token, while this
value is actually expected to be identical for a given user.
The immediate problem we face is that every client application gets an IdToken
for a user 'alice' with a different subjectId; thus, during the global
logout, it is impossible for each of these client applications to identify,
from the logout token, which user to log out, because when OIDC LogoutService
creates a logout token it uses FedizSubjectCreator to create a new IdToken with
a newly generated subject id.
One way to solve this is to start hacking a solution involving saving it in a
session id and then taking care of removing it from the session on the logout,
but given that every Fediz plugin takes care of dealing with FedizPrincipal it
is better to keep 'id' at the FedizPrincipal level.
Updating the interface with getId() will only affect the plugins and not the
user code. Each plugin will use UUID to generate it.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
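The correlation failure described in the issue, as an added example that is not Fediz project code: a client application stores its session under the IdToken subject and later has to find it again from the logout token's subject. The `Principal`, `StablePrincipal`, `randomSubject` and `stableSubject` names are assumptions standing in for FedizPrincipal with the proposed getId() and for the old and new FedizSubjectCreator behaviour.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

public class SubjectIdDemo {
    // Hypothetical stand-in for FedizPrincipal with the proposed getId() method.
    interface Principal {
        String getName();
        String getId();
    }

    // Plugin-side principal: the id is generated once with UUID when the
    // principal is created (e.g. after SAML token validation) and then kept.
    static final class StablePrincipal implements Principal {
        private final String name;
        private final String id = UUID.randomUUID().toString();
        StablePrincipal(String name) { this.name = name; }
        public String getName() { return name; }
        public String getId() { return id; }
    }

    // Old behaviour: a fresh subject id on every IdToken creation.
    static String randomSubject(Principal p) { return UUID.randomUUID().toString(); }

    // Proposed behaviour: the subject is the principal's stable id.
    static String stableSubject(Principal p) { return p.getId(); }

    // Client side: can the session be found from the logout token's subject?
    static boolean logoutMatches(Map<String, String> sessionsBySub, String logoutSub) {
        return sessionsBySub.containsKey(logoutSub);
    }

    public static void main(String[] args) {
        Principal alice = new StablePrincipal("alice");
        Map<String, String> clientSessions = new HashMap<>();

        // Login stores the session under the IdToken 'sub'; the logout token
        // is built afresh, so with a random subject the lookup fails.
        clientSessions.put(randomSubject(alice), "alice-session");
        System.out.println("random sub, logout found: "
                + logoutMatches(clientSessions, randomSubject(alice)));

        // With the id held on the principal, both tokens carry the same 'sub'.
        clientSessions.clear();
        clientSessions.put(stableSubject(alice), "alice-session");
        System.out.println("stable sub, logout found: "
                + logoutMatches(clientSessions, stableSubject(alice)));
    }
}
```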