Hi Malithi,

Here we have focused only on the RP-initiated logout.

Once the above is done, we have to do research on what's the best OP
initiated logout mechanism to choose from. At that point, we will do a
study and decide what will be the most suitable approach. We can have a
separate discussion, once we are at that stage. WDYT?

Thanks,

On Mon, Aug 5, 2019 at 11:32 PM Malithi Edirisinghe <malit...@wso2.com>
wrote:

> Hi Chamodi,
>
> So here,
>  - are we to follow a defined OIDC logout mechanism, such as front channel
> or back channel?
>
>  - did we look at how other IdPs (Google, Auth0, Okta, etc.) support
> OIDC logout, whether they implement defined OIDC logout mechanisms, or
> they have proprietary endpoints, etc.?
>
> Thanks,
> Malithi
>
>
> On Mon, Aug 5, 2019 at 5:32 PM Chamodi Samarawickrama <cham...@wso2.com>
> wrote:
>
>> The federated identity management in the Identity Server currently
>> enables the user to do the authorization via a federated identity provider
>> and get logged in to the client application. But when logging out of the said
>> client application, currently even though the user is getting logged out of
>> the app, he would still be logged in to the federated identity provider.
>> [image: OIDC-diagram1 (1).jpeg]
>> Following the completion of the project, the flow will look like this.
>> [image: OIDC-diagram1 (2).jpeg]
>> The project is planned to be carried out in the following steps:
>> 1. Have a logout functionality with a static endpoint
>> 2. Configuring logout endpoint of federated IDP in management console
>> 3. Invoking logout endpoint with id token hint
>>
>> For the moment, the first step is completed by overriding the
>> initiateLogoutRequest method of AbstractApplicationAuthenticator class in
>> the OpenIDConnectAuthenticator (
>> https://github.com/wso2-extensions/identity-outbound-auth-oidc/blob/master/components/org.wso2.carbon.identity.application.authenticator.oidc/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/OpenIDConnectAuthenticator.java
>>  ) class
>> as follows:
>>
>>> protected void initiateLogoutRequest(HttpServletRequest request,
>>>         HttpServletResponse response, AuthenticationContext context)
>>>         throws LogoutFailedException {
>>>     try {
>>>         // Step 1: redirect to a static (hard-coded) federated IdP logout endpoint.
>>>         response.sendRedirect("https://wso2is:9444/oidc/logout");
>>>     } catch (IOException e) {
>>>         // Surface the failure to the framework instead of swallowing it.
>>>         throw new LogoutFailedException(e.getMessage(), e);
>>>     }
>>> }
>>
>> The second and third phases are hoped to be carried out in the coming
>> weeks.
>>
>
>
> --
> *Malithi Edirisinghe* | Technical Lead | WSO2 Inc.
> (m) +94 718176807 | (w) +94 11 214 5345 | (e) malit...@wso2.com
>


-- 
Regards,


*Darshana Gunawardana*
Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com*
*Mobile: +94718566859*
Lean . Enterprise . Middleware
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
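
The second and third planned steps in the thread above (a configurable logout endpoint, invoked with an ID token hint) could look like the following. This is an added example, not code from the thread or from the WSO2 code base: the class name, method name and sample values are hypothetical, while the parameter names id_token_hint, post_logout_redirect_uri and state are those defined for OIDC RP-initiated logout. It assumes Java 10 or later.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.StringJoiner;

// Added example: hypothetical helper, not part of identity-outbound-auth-oidc.
public class FederatedLogoutUrlExample {

    // logoutEndpoint: the value an administrator would configure (step 2).
    // idTokenHint: the ID token the federated IdP issued at login (step 3).
    static String buildLogoutUrl(String logoutEndpoint, String idTokenHint,
                                 String postLogoutRedirectUri, String state) {
        URI endpoint = URI.create(logoutEndpoint);
        // The ID token travels in the query string, so insist on absolute https.
        if (!"https".equalsIgnoreCase(endpoint.getScheme()) || endpoint.getHost() == null) {
            throw new IllegalArgumentException("logout endpoint must be an absolute https URL");
        }
        if (endpoint.getFragment() != null) {
            throw new IllegalArgumentException("logout endpoint must not contain a fragment");
        }
        Map<String, String> params = new LinkedHashMap<>();
        if (idTokenHint != null && !idTokenHint.isEmpty()) {
            params.put("id_token_hint", idTokenHint);
        }
        if (postLogoutRedirectUri != null) {
            params.put("post_logout_redirect_uri", postLogoutRedirectUri);
            // state is only meaningful when the IdP redirects back to us.
            if (state != null) {
                params.put("state", state);
            }
        }
        StringJoiner query = new StringJoiner("&");
        params.forEach((k, v) -> query.add(k + "=" + URLEncoder.encode(v, StandardCharsets.UTF_8)));
        if (query.length() == 0) {
            return logoutEndpoint; // nothing to append: same as the static redirect
        }
        return logoutEndpoint + (endpoint.getRawQuery() == null ? "?" : "&") + query;
    }

    public static void main(String[] args) {
        // Constructed sample values; the token is a placeholder, not a real JWT.
        String url = buildLogoutUrl("https://wso2is:9444/oidc/logout",
                "eyJhbGciOiJSUzI1NiJ9.constructed.sample",
                "https://rp.example.com/post-logout", "a1b2c3");
        System.out.println(url);
    }
}
```

Because the ID token ends up in a URL, it can appear in browser history and proxy or access logs on the way to the IdP, which is why the helper refuses non-HTTPS endpoints.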