[
https://issues.apache.org/jira/browse/FEDIZ-207?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Beryozkin resolved FEDIZ-207.
------------------------------------
Resolution: Later
> FedizPrincipal interface needs to have getId() method
> -----------------------------------------------------
>
> Key: FEDIZ-207
> URL: https://issues.apache.org/jira/browse/FEDIZ-207
> Project: CXF-Fediz
> Issue Type: Improvement
> Components: IDP, Plugin
> Reporter: Sergey Beryozkin
> Attachments: fediz207.txt
>
>
> OIDC IDToken generates a random IdToken SubjectId value when it converts the
> values found in the FedizPrincipal's SAML token. The problem is that every
> time the user comes in, a new subjectId is generated for the id token, while
> this value is actually expected to be identical for a given user.
> The immediate problem we face is that every client application gets an
> IdToken for a user 'alice' with a different subjectId; thus, during the
> global logout, it is impossible for each of these client applications to
> identify, from the logout token, which user to log out, because when OIDC
> LogoutService creates a logout token it uses FedizSubjectCreator to create a
> new IdToken with a newly generated subject id.
> One way to solve it is to start hacking a solution involving saving it in a
> session id and then taking care of removing it from the session on logout,
> but given that every Fediz plugin takes care of dealing with FedizPrincipal,
> it is better to keep 'id' at the FedizPrincipal level.
> Updating the interface with getId() will only affect the plugins and not the
> user code. Each plugin will use a UUID to generate it.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
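The failure mode the issue describes, as an added example that is not part of the issue or of the Fediz code base: a Python model of an issuer that derives the IdToken `sub` from a principal, two relying-party applications that key their sessions by `sub`, and a back-channel logout token built through the same subject creator. `SamlPrincipal`, `random_subject_id`, `stable_subject_id`, `issue_id_token`, `issue_logout_token`, `ClientApp` and `simulate_global_logout` are hypothetical stand-ins for the Fediz classes named in the report; the principal `alice` is constructed sample input. With a fresh UUID per token neither client can match the logout token to a session; with an id fixed once on the principal (the proposed `getId()`), both can.

```python
"""Model of the FEDIZ-207 subject-id problem. Added example, not Fediz code;
all class and function names below are hypothetical stand-ins."""
import uuid
from dataclasses import dataclass, field


@dataclass
class SamlPrincipal:
    """Stand-in for FedizPrincipal. `id` models the proposed getId() value:
    assigned once by the plugin from a UUID, then kept for the principal's life."""
    name: str
    id: str = field(default_factory=lambda: uuid.uuid4().hex)


def random_subject_id(principal: SamlPrincipal) -> str:
    """Behaviour the issue complains about: a new UUID on every call, so the
    same user gets a different 'sub' in every IdToken and logout token."""
    return uuid.uuid4().hex


def stable_subject_id(principal: SamlPrincipal) -> str:
    """Proposed behaviour: reuse the id carried by the principal."""
    return principal.id


def issue_id_token(principal: SamlPrincipal, client_id: str, subject_fn) -> dict:
    """Minimal IdToken claim set (signing is out of scope for this model)."""
    return {"iss": "https://idp.example", "aud": client_id,
            "sub": subject_fn(principal), "name": principal.name}


def issue_logout_token(principal: SamlPrincipal, client_id: str, subject_fn) -> dict:
    """The report says LogoutService builds the logout token through the same
    subject creator, so the same subject_fn is applied here."""
    return {"iss": "https://idp.example", "aud": client_id,
            "sub": subject_fn(principal),
            "events": {"http://schemas.openid.net/event/backchannel-logout": {}}}


class ClientApp:
    """A relying party that keys its local sessions by the IdToken 'sub'."""

    def __init__(self, client_id: str):
        self.client_id = client_id
        self.sessions: dict[str, str] = {}  # sub -> display name

    def login(self, id_token: dict) -> None:
        if id_token["aud"] != self.client_id:
            raise ValueError("token not issued for this client")
        self.sessions[id_token["sub"]] = id_token["name"]

    def handle_logout(self, logout_token: dict) -> bool:
        """True only if the logout token identified a live session."""
        if logout_token["aud"] != self.client_id:
            return False
        return self.sessions.pop(logout_token["sub"], None) is not None


def simulate_global_logout(subject_fn):
    """Log 'alice' into two clients, then push a logout token to each.
    Returns (per-client logout success, per-client sessions left behind)."""
    alice = SamlPrincipal(name="alice")  # constructed sample principal
    clients = [ClientApp("app-one"), ClientApp("app-two")]
    for client in clients:
        client.login(issue_id_token(alice, client.client_id, subject_fn))
    outcomes = [client.handle_logout(issue_logout_token(alice, client.client_id, subject_fn))
                for client in clients]
    return outcomes, [len(client.sessions) for client in clients]


if __name__ == "__main__":
    print("random sub per token:", simulate_global_logout(random_subject_id))
    print("stable sub from principal:", simulate_global_logout(stable_subject_id))
```

The point the model makes is that the fix has to live wherever the principal is held across requests: the same `SamlPrincipal` object is reused for both the login and the logout path, so a UUID minted once at principal creation is enough, whereas a UUID minted inside the subject creator is never seen twice.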