[mitreid-connect] simple-web-app and OIDC : single logout
Justin Richer
jricher at mit.edu
Mon Aug 17 12:57:26 EDT 2015
There’s not an exact feature roadmap, but it is likely to be implemented in 1.2.x and then back ported to 1.1.x if possible.
— Justin
> On Aug 17, 2015, at 12:33 PM, Zhanna Tsitkov <tsitkova at mit.edu> wrote:
>
> Thanks, Justin, for the info.
> If/when this feature is implemented in MitreID Connect, will it be available for 1.2.x and 1.1.x versions, or 1.2.x only?
> Thanks,
> Zhanna
> On Aug 17, 2015, at 12:23 PM, Justin Richer <jricher at MIT.EDU> wrote:
>
>> Yes, that is intentional. The web sessions between the two applications are different, and you don't want a single RP to be able to force a logout at the IdP. The OIDC Session Management spec (still in draft) does have a mechanism to let an RP request a logout at the IdP, but that has not yet been implemented in MITREid Connect.
>>
>> -- Justin
>>
>> On 8/17/2015 10:02 AM, Zhanna Tsitkov wrote:
>>> Hi,
>>> While testing with the simple-web-app I’ve noticed that logout from the application does not cause the OIDC logout. Was it intentional? What are the recommendations how to implement single logout?
>>> Thanks,
>>> Zhanna
>>> _______________________________________________
>>> mitreid-connect mailing list
>>> mitreid-connect at mit.edu
>>> http://mailman.mit.edu/mailman/listinfo/mitreid-connect
>>
>
More information about the mitreid-connect
mailing list