Hi Oliver,
Thanks for the information. Will raise the JIRA request.
Thanks and Regards,
__________________________________________
Julius Francis
From: Oliver Wulff <[email protected]>
To: "[email protected]" <[email protected]>
Date: 09/12/2012 11:22 PM
Subject: RE: Logout from Fediz from single web application.
Hi Julius
If you terminate the http session you are logged out of the web
application. If you access the web application again, the container
notices this is an unauthenticated request and triggers a redirect to the
IDP.
If your browser still has got a valid session with the IDP it will just
create a new token for the web application without challenging the user to
authenticate as you expect from SSO.
WS-Federation defines the single log out use case which means that you log
out in the IDP and he will log out all existing sessions with *all* web
applications. The session between the IDP and the browser is terminated as
well. Next time you access a web application, the IDP will challenge you
again.
If an application needs to re-authenticate a browser user or requires a
"fresh" token, the application can express this requirement by adding the
wfresh parameter as part of the signin request. See section 13.2.2 in [1].
>>>
wfresh
This OPTIONAL parameter indicates the freshness requirements. If
specified, this indicates the desired maximum age of authentication
specified in minutes. An IP/STS SHOULD NOT issue a token with a longer
lifetime. If specified as “0” it indicates a request for the IP/STS to
re-prompt the user for authentication before issuing the token. Note
that this serves roughly the same purpose as the Freshness element in the
WS-Trust SOAP RST messages.
>>>
Fediz doesn't support this parameter yet. It requires an enhancement for
the fediz plugin as well as the fediz idp. Feel free to raise a JIRA
request so that this requirement can be tracked.
Thanks
Oli
[1]
http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html
------
Oliver Wulff
Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com
Talend Application Integration Division http://www.talend.com
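The WS-Federation behaviour Oliver describes above (an HTTP session invalidation alone does not end the IDP session; a sign-in request can carry wfresh to force a maximum authentication age or an explicit re-prompt) can be made concrete with a small model of both sides of the exchange. The following is an added example and not Fediz code or any part of the OASIS specification text; it uses the standard wa/wtrealm/wreply/wfresh query parameters from the WS-Federation passive profile, while the hostnames, realm and timestamps are constructed sample values. The IDP-side function shows the check an IDP would have to perform if it honoured wfresh: decide, from the age of the user's existing authentication, whether the cached IDP session may be reused or the user must be challenged again.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample values (not from the thread)
IDP_URL = "https://idp.example.test/federation"
APP_REALM = "urn:example:app"
APP_REPLY = "https://app.example.test/"


def build_signin_request(idp_url, realm, reply_url, wfresh_minutes=None):
    """Relying-party side: sign-in request the plugin redirects the browser to.

    wfresh_minutes=None means no freshness requirement (plain SSO);
    0 asks the IDP to re-prompt; N>0 asks for authentication no older than N minutes.
    """
    params = {"wa": "wsignin1.0", "wtrealm": realm, "wreply": reply_url}
    if wfresh_minutes is not None:
        if wfresh_minutes < 0:
            raise ValueError("wfresh must be a non-negative number of minutes")
        params["wfresh"] = str(wfresh_minutes)
    return f"{idp_url}?{urlencode(params)}"


def build_signout_request(idp_url, reply_url=None):
    """Relying-party side: single log-out request, which ends the IDP session
    rather than only the local HTTP session."""
    params = {"wa": "wsignout1.0"}
    if reply_url:
        params["wreply"] = reply_url
    return f"{idp_url}?{urlencode(params)}"


def parse_wfresh(request_url):
    """Extract the wfresh value (minutes) from a sign-in request, or None if absent.
    Rejects anything that is not a wsignin1.0 request or not a non-negative integer."""
    query = parse_qs(urlparse(request_url).query)
    if query.get("wa") != ["wsignin1.0"]:
        raise ValueError("not a wsignin1.0 request")
    raw = query.get("wfresh")
    if raw is None:
        return None
    if not raw[0].isdigit():
        raise ValueError("wfresh must be a non-negative integer")
    return int(raw[0])


def idp_must_reprompt(request_url, auth_instant, now):
    """IDP side: decide whether the existing IDP session may be reused.

    auth_instant is when the user last actually authenticated (None if no session).
    Returns True when the user must be challenged for credentials again.
    """
    wfresh = parse_wfresh(request_url)
    if auth_instant is None:
        return True                      # no IDP session at all: always challenge
    if wfresh is None:
        return False                     # plain SSO: reuse the IDP session
    if wfresh == 0:
        return True                      # "0" means: re-prompt regardless of age
    return (now - auth_instant) > timedelta(minutes=wfresh)


def token_lifetime_minutes(default_minutes, request_url):
    """IDP side: the spec says the IP/STS SHOULD NOT issue a token with a lifetime
    longer than wfresh, so cap the configured default at the requested freshness."""
    wfresh = parse_wfresh(request_url)
    if wfresh is None or wfresh == 0:
        return default_minutes
    return min(default_minutes, wfresh)


if __name__ == "__main__":
    now = datetime(2012, 9, 12, 23, 22, tzinfo=timezone.utc)   # constructed
    authenticated_at = now - timedelta(minutes=10)               # constructed
    plain = build_signin_request(IDP_URL, APP_REALM, APP_REPLY)
    fresh = build_signin_request(IDP_URL, APP_REALM, APP_REPLY, wfresh_minutes=5)
    print("plain SSO, re-prompt:", idp_must_reprompt(plain, authenticated_at, now))
    print("wfresh=5, re-prompt:", idp_must_reprompt(fresh, authenticated_at, now))
    print("sign-out:", build_signout_request(IDP_URL, APP_REPLY))
```

The split between the two helpers mirrors the point in the reply: invalidating the application's HTTP session only affects the relying party, so the next redirect with a plain sign-in request gets a new token without a challenge, whereas either a wsignout1.0 request or a sign-in request carrying wfresh changes what the IDP does.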
________________________________________
From: Julius Francis [[email protected]]
Sent: 11 September 2012 09:40
To: [email protected]
Subject: Logout from Fediz from single web application.
Hi All,
We are using Fediz in our web application. Would like to know
what we need to do to log out from the web application. If we call
HttpSession.invalidate(), fediz takes control and redirects to the IDP where
the session is still active. Also I do understand the session is
created at Tomcat level; how do we invalidate it from the application? Please
share if someone has already done this.
What we want is that when the user clicks on the logout link, he should be
redirected to the login page. How to tell the IDP to redirect to the login page?
(Which means how to kill the already existing session.)
Thanks and Regards,
__________________________________________
Julius Francis
******************* PLEASE NOTE *******************
This message, along with any attachments, may be confidential or legally
privileged. It is intended only for the named person(s), who is/are the
only authorized recipients. If this message has reached you in error,
kindly destroy it without review and notify the sender immediately. Thank
you for your help.