diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2015-04-21 09:44:04 -0400 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2015-05-11 16:47:22 -0400 |
| commit | acc8954e5812fa65040192e92170b05beada359f (patch) | |
| tree | 8c84a9601b63c8e73e3a2bc5573bb56648482b6d /ipsilon/providers/saml2/provider.py | |
| parent | 0d953410a7bfe4dec208eb9b9b709139ce652ab7 (diff) | |
| download | ipsilon.git-acc8954e5812fa65040192e92170b05beada359f.tar.gz ipsilon.git-acc8954e5812fa65040192e92170b05beada359f.tar.xz ipsilon.git-acc8954e5812fa65040192e92170b05beada359f.zip | |
Update IdP-initiated logout to use SAML2 Store
This moves the order in which the "fake" session is created and
it gives it a unique ID rather than using a fixed value.
Rely on the LogoutRequest request ID so we can get the
order of logout correct.
The basic idea is a logout request is created for the IdP
containing the URL of the IdP itself as the RelayState. A
session is picked and a LogoutRequest generated and sent.
There will be a LogoutRequest/LogoutResponse back and forth
until there are no more sessions to log out. The last
session will be this "fake" session that started it all
and the user will be redirected to the main page of the IdP.
https://fedorahosted.org/ipsilon/ticket/90
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'ipsilon/providers/saml2/provider.py')
0 files changed, 0 insertions, 0 deletions