OASIS Mailing List Archives

saml-dev message

Subject: SLO: Success or Error Status code when Session Timeout at the SP


Hi,

during intensive discussions on the Single Logout (SLO) topic, we faced
the following scenario:

A user was authenticated at multiple SPs and now wants to do a single
logout. Therefore, the IdP issues multiple <LogoutRequest> messages to
the individual SPs. However, we assume that at one SP the session with
the user has already been terminated before reception of the
<LogoutRequest> (e.g. through SP session timeout).

Our question is: How should this SP respond to the IdP?
Will the <LogoutResponse> include a
"urn:oasis:names:tc:SAML:2.0:status:Success" status code because the
session is already terminated and the user is logged out (even if not
because of the LogoutRequest), or an error status code such as
"urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext" or
"urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal"?

The SAML spec does not provide any information on such a scenario.

Thank you very much and best regards,
Bernd

