Subject: RE: Single Logout and Session Index clarification requested
I believe you have one of the following choices for the environment you are describing:

· Assign random transient identifiers in the subject of each identifier (still meets the requirements for anonymous access as long as you don’t reuse the identifier) and then use this identifier on the logout.
· Assign the assertion ID to the session Index and use that on both the assertion and logout request.
· Don’t support logout (since you can’t figure out which session to terminate without one of the above).

Conor

From: Kent, Joann J [mailto:Joann.Kent@ca.com]

Friends,

I am in need of clarification regarding the use of SessionIndex for Single Logout using the SOAP binding.

The core specification states that for Logout in general, the SessionIndex is optional and that, when the session participant receives the request, "if no <SessionIndex> elements are supplied, then all sessions associated with the principal MUST be invalidated," and that an eligible assertion to logout would be one where the subject strongly matches the BaseID, NameID or EncryptedID in the logout request (as well as the session index and that the NotOnOrAfter attributes are still valid).

My question is regarding a specific use case, one in which the users all log in anonymously. When a LogoutRequest is sent over SOAP using a back channel, the session participant will only be able to identify the user based on the contents of the LogoutRequest (i.e., no cookie available for additional information). If all users on a session participant are anonymous (i.e., they all have the same subject) and the session authority sends a LogoutRequest without a SessionIndex, my interpretation of the spec is that all the sessions that strongly match that same subject be logged out, resulting in all users being logged out. In this use case, should the session authority be required to send the SessionIndex to indicate the proper anonymous user?

Thank you,
Joann Kent
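
Added example (not part of either message and not code from any SAML product): a sketch of how a session participant might select sessions for a back-channel LogoutRequest, showing the case raised in the question and the first two options in the reply. The store layout, function names and sample values are assumptions; subject matching is simplified to NameID equality and NotOnOrAfter is not checked.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def logout_request(name_id, session_index=None):
    """Build a constructed, unsigned LogoutRequest (sample input only)."""
    idx = (f"<samlp:SessionIndex>{session_index}</samlp:SessionIndex>"
           if session_index else "")
    return (f'<samlp:LogoutRequest xmlns:samlp="{NS["samlp"]}" '
            f'xmlns:saml="{NS["saml"]}" ID="_constructed" Version="2.0">'
            f"<saml:NameID>{name_id}</saml:NameID>{idx}</samlp:LogoutRequest>")

def sessions_to_invalidate(logout_xml, sessions):
    """Return the local session keys this LogoutRequest terminates.

    sessions maps a local key to (name_id, session_index) recorded from the
    assertion that created the session (hypothetical store layout). Assumes
    the signature and issuer were verified before this is called.
    """
    root = ET.fromstring(logout_xml)
    name_id = root.findtext("saml:NameID", namespaces=NS)
    if name_id is None:
        raise ValueError("LogoutRequest carries no NameID")
    wanted = {e.text.strip() for e in root.findall("samlp:SessionIndex", NS) if e.text}
    hits = []
    for key, (sess_name_id, sess_index) in sessions.items():
        if sess_name_id != name_id.strip():
            continue  # subject does not match (plain equality, a simplification)
        # No SessionIndex in the request: every session of the principal goes.
        if not wanted or sess_index in wanted:
            hits.append(key)
    return sorted(hits)

# Constructed stores: three anonymous users on one session participant.
SHARED_SUBJECT = {"s1": ("anonymous", "_a1"), "s2": ("anonymous", "_a2"),
                  "s3": ("anonymous", "_a3")}       # assertion ID as SessionIndex
TRANSIENT_SUBJECT = {"s1": ("_t-19c4", None), "s2": ("_t-7f3a", None),
                     "s3": ("_t-e052", None)}       # one random NameID each

if __name__ == "__main__":
    print(sessions_to_invalidate(logout_request("anonymous"), SHARED_SUBJECT))
    print(sessions_to_invalidate(logout_request("anonymous", "_a2"), SHARED_SUBJECT))
    print(sessions_to_invalidate(logout_request("_t-7f3a"), TRANSIENT_SUBJECT))
```

With a shared subject and no SessionIndex the first call selects all three sessions; supplying the SessionIndex, or giving each session its own transient NameID, narrows the logout to one.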