OASIS Mailing List Archives

saml-dev message



Subject: Question about logout


I'm not sure how to use the logout profile with this complicated case:

- An SP sends an authnRequest for a user to the IDP.
- The IDP authenticates the user, creates a "session" with this user, creates
an assertion and sends it to the SP.
- The SP receives the assertion and creates its own session with the user.
- Later in the process, the SP needs an assertion with a persistent ID for
this user, so it sends an authnRequest to the IDP, asking for a persistent
identifier.
- The IDP already has a session with this user, so there is no need to
reauthenticate it; it just looks up the persistent ID and creates a new
assertion with it.
- The SP receives the new assertion.
- Later in the process, the SP sends the IDP a logout request with a nameID
containing the persistent identifier.
What should the IDP do?
       kill the user session: this user will have to reauthenticate
or   nothing special, the user still has the session established with its
real name

And the same question if the IDP receives a logout request with a NameID
containing the user's real name:
       kill the user session: this user will have to reauthenticate
or   nothing special, the user still has the session established with the
persistent ID

I hope my question is clear.....

Valerie



