shibboleth-dev - Logout advice
Subject: Shibboleth Developers
List archive
- From: André Cruz <>
- To:
- Subject: Logout advice
- Date: Tue, 15 Apr 2008 15:09:41 +0100
Hello.
Since Shibboleth 2.0 still doesn't have the SAML Logout functionality
I'm trying to port my 1.3 hack, because it's a requirement I have.
Background:
- we have 1 IDP and lots of SPs all under our control.
- all our users have a unique userid which is exported as an attribute
to all SPs
- The SPs all use the memcache storage service and they all use the same
memcache servers
The way I'll do this is as follows:
- Alter the StorageServiceSessionCache to "catch" new sessions and build
a map in memcache userid -> [list of session keys in memcache]
- On logout, the IDP fetches the list of sessions this user has and
deletes them. This takes care of all SP's sessions. Additionally the IDP
has a list of URLs of endpoints which take care of possible application
sessions, this URL is called with the userid as argument.
This is a HACK, I know. What I would like is to know your opinions as to
how to improve this process. I haven't had a thorough look at 2.0 yet so
there could be something new that simplifies this process. I noticed
that the SP builds a NAMEID->session map, maybe I can use this map
instead of the map I create...
Best regards,
André
- Logout advice, André Cruz, 04/15/2008
- RE: Logout advice, Scott Cantor, 04/15/2008
- Re: Logout advice, Chris G. Sellers, 04/15/2008
- RE: Logout advice, Scott Cantor, 04/15/2008
- RE: Logout advice, André Cruz, 04/15/2008
- RE: Logout advice, Scott Cantor, 04/15/2008
- RE: Logout advice, André Cruz, 04/16/2008
- Re: Logout advice, Chad La Joie, 04/16/2008
- Re: Logout advice, André Cruz, 04/16/2008
- Re: Logout advice, Chad La Joie, 04/16/2008
- Re: Logout advice, André Cruz, 04/16/2008
- RE: Logout advice, Scott Cantor, 04/16/2008
- Re: Logout advice, Chad La Joie, 04/16/2008
- RE: Logout advice, André Cruz, 04/16/2008
- RE: Logout advice, Scott Cantor, 04/15/2008
- Re: Logout advice, Chris G. Sellers, 04/15/2008
- RE: Logout advice, Scott Cantor, 04/15/2008
Archive powered by MHonArc 2.6.16.