summaryrefslogtreecommitdiffstats
path: root/ipsilon/providers/saml2/logout.py
Commit message (Collapse)AuthorAgeFilesLines
* Add support for logout over SOAPRob Crittenden2015-07-161-15/+74
| | | | | | | | | | | | | | As each login session comes in, store the supported logout mechanisms in the SP metadata. Upon a logout request, loop through all of those SP's that support SOAP and log those out first, then log out any remaining sessions using HTTP Redirect. https://fedorahosted.org/ipsilon/ticket/59 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Use plugin-specific configuration, better expirationRob Crittenden2015-05-121-2/+1
| | | | | | | | | | | | | Use a SAML2 plugin specific option to specify the database uri for sessions. Use a much more robust method to find sessions that need expiration (thanks Patrick). https://fedorahosted.org/ipsilon/ticket/90 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Convert logout code to use SAML2 StoreRob Crittenden2015-05-121-40/+38
| | | | | | | | | | | | | | This is functionally the same. The primary differences are: - When logging out, fetch all requested session indexes in the LogoutRequest. - Store the LogoutRequest request ID to be used later when a LogoutResponse is received to look up the logout. https://fedorahosted.org/ipsilon/ticket/90 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Update Copyright header point to COPYING fileRob Crittenden2015-05-081-16/+1
| | | | | | | | | | | | Point to a file containing the license rather than including it in every single source file. This will make it easier to manage the license in the future without another humongous commit. https://fedorahosted.org/ipsilon/ticket/126 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Try to return a redirect instead a 400 for "not logged in" stateRob Crittenden2015-03-271-9/+43
| | | | | | | | | | | | If the user is not logged in and submits a valid logout request then just redirect the user to the RelayState in the request indicating that the logout was successful. This provides a better user experience. https://fedorahosted.org/ipsilon/ticket/88 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* When a new logout session is received, save old session idsRob Crittenden2015-03-231-0/+4
| | | | | | | | | | | | | | | When a new login session is received and an existing session exists in logout, save the old session IDs. These will be included in the sessions to logout of the SP. This will ensure that if the user clears their cookie cache, for example, that any previous sessions will also be logged out. https://fedorahosted.org/ipsilon/ticket/64 Signed-off-by: Rob Crittenden <rcritten@redhat.com>
* Implement Single Logout Service for SP-initiated logoutRob Crittenden2015-02-131-0/+265
https://fedorahosted.org/ipsilon/ticket/24 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
generated by cgit (git 2.34.1) at 2025-09-26 02:31:49 +0000