OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [saml-dev] Single signout from IDP side

Yes I mean SOAP based logout initiated at IDP end, If I maintain state in my server, my server can handle multiple request how do I know which session I should invalidate, as soap logout request do not bring any user details with it nore it brings any cookie parameter


On Wed, Mar 12, 2014 at 7:57 PM, Cantor, Scott <cantor.2@osu.edu> wrote:
On 3/12/14, 5:12 AM, "Phalguni Mukherjee"
<phalgunimukherjee1007@gmail.com> wrote:

>When the user have a session timeout in IDP, it notifies SP about it, how
>to get the SP side session and invalidate in such notification, as
>notification request is a new request from IDP to SP

If you mean a SOAP based logout request, the answer is that you either
come up with a way, or you don't support it. Basically, you need server
side state/mappings, or you implement temporary server state that holds
onto the request so you can prevent the session from being used the next
time the session cookie shows up.

-- Scott





--
Thanks & Regards
Phalguni Mukherjee

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]