Skip to Content.
Sympa Menu

shibboleth-dev - Re: Logout advice

Subject: Shibboleth Developers

List archive

Re: Logout advice


Chronological Thread 
  • From: Chad La Joie <>
  • To:
  • Subject: Re: Logout advice
  • Date: Wed, 16 Apr 2008 11:31:50 +0100
  • Openpgp: id=146B2514
  • Organization: SWITCH



André Cruz wrote:
On Tue, 2008-04-15 at 13:17 -0400, Scott Cantor wrote:
I guess this would mean that the IDP would have to store which SPs
requested the attributes of which users and sending those SPs some
logout messages with the correct NameID?
It does this already, I believe (not which attributes, that's immaterial,
just the SPs, NameID, and the SessionIndex). The session manager code is
there, just not the profile and UI code.

Maybe Chad can enlighten us on the state of this in the 2.0 IDP? Where
does the IDP store this information?

This brings me to the topic of clustering IDPs. With 1.3 I use HaShib to
distribute the Artifacts, etc. How is this done in the 2.0 IDP? I didn't
find this in the wiki... This session information also has to be shared
among the IDPs.

The IdP has a storage service interface that's pretty close to the SP's (technically this is in the OpenSAML in both cases). You can see it defined in your internal.xml config file in Shib 2. The clustering for 2.0 will be done using Terracotta and just replicating the Map at the heart of that defined storage service.

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
,
http://www.switch.ch




Archive powered by MHonArc 2.6.16.

Top of Page