projects / cascardo / ipsilon.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 93c25cc) | patch
Update IdP-initiated logout to use SAML2 Store
authorRob Crittenden <rcritten@redhat.com>
Tue, 21 Apr 2015 13:44:04 +0000 (09:44 -0400)
committerPatrick Uiterwijk <puiterwijk@redhat.com>
Mon, 11 May 2015 22:39:26 +0000 (00:39 +0200)
commit085327baa87a990d0d986861a23305dc03530d71
tree8c84a9601b63c8e73e3a2bc5573bb56648482b6dtree | snapshot
parent93c25cc530a6c1b166af729e7a95ffd2f5a6a4d4commit | diff
Update IdP-initiated logout to use SAML2 Store

This moves the order in which the "fake" session is created and
it gives it a unique ID rather than using a fixed value.

Rely on the LogoutRequest request ID so we can get the
order of logout correct.

The basic idea is a logout request is created for the IdP
containing the URL of the IdP itself as the RelayState. A
session is picked and a LogoutRequest generated and sent.

There will be a LogoutRequest/LogoutResponse back and forth
until there are no more sessions to log out. The last
session will be this "fake" session that started it all
and the user will be redirected to the main page of the IdP.

https://fedorahosted.org/ipsilon/ticket/90

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
ipsilon/providers/saml2idp.py diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.