Subject: SLO: Success or Error Status code when Session Timeout at the SP
Hi,

during intensive discussions on the Single Logout (SLO) topic, we faced the following scenario: A user was authenticated at multiple SPs and now wants to do a single logout. Therefore, the IdP issues multiple <LogoutRequest> messages to the individual SPs. However, we assume that at one SP the session with the user has already been terminated before reception of the <LogoutRequest> (e.g. through SP session timeout).

Our question is: How should this SP respond to the IdP? Will the <LogoutResponse> include a "urn:oasis:names:tc:SAML:2.0:status:Success" status code because the session is already terminated and the user is logged out (even if not because of the LogoutRequest), or an error status code such as "urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext" or "urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal"? The SAML spec does not provide any information on such a scenario.

Thank you very much and best regards,
Bernd