Subject: Question about logout
I'm not sure how to use the logout profile with this complicated case:

- An SP sends an authnRequest for a user to the IDP.
- The IDP authenticates the user, creates a "session" with this user, creates an assertion and sends it to the SP.
- The SP receives the assertion and creates its own session with the user.
- Later in the process, the SP needs an assertion with a persistent ID for this user, so it sends an authnRequest to the IDP, asking for a persistent identifier.
- The IDP already has a session with this user, so there is no need to reauthenticate the user; it just looks for the persistent ID and creates a new assertion with it.
- The SP receives the new assertion.
- Later in the process, the SP sends the IDP a logout request with a nameID containing the persistent identifier.

What should the IDP do?

- kill the user session: this user will have to reauthenticate
- or nothing special: the user still has the session established with their real name

And the same question if the IDP receives a logout request with a NameID containing the user's real name:

- kill the user session: this user will have to reauthenticate
- or nothing special: the user still has the session established with the persistent ID

I hope my question is clear...

Valerie