[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] handling of multiple SP logout
Kyle Meadors wrote on 2009-08-03: > 1. If the local session is ended at SP-B, is the proper status Responder > to the IdP or should be Success? If Success, how else should SP-B be > "configured" to return a non-Success status apart from ending is local > session? If it has some way to know that the session it's being asked to terminate was already terminated, then it can pretend to do so and return a Success. Otherwise it wouldn't know what the session was and would have to respond with an error and optionally indicate the session wasn't found/active. It's implementation and probably timing dependent. > 2. If SP-B does return a non-Success status to the IdP, what is the status > in the LogoutResponse from the IdP back to SP-A? Success/PartialLogout? > Responder/PartialLogout? Success? The protocol covers this. If the IdP action succeeds then its response is Success. If there are reasons to do so, like here, you add PartialLogout. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]