Can't we have IdP init SLO for this? Catch would be, Bob will be redirected to SP again, and SP should send him back to IS. Also, custom cookies need to be cleared - that could be done from the login JSP it self.
On Thu, Mar 2, 2017 at 11:10 PM, Prabath Siriwardena <prab...@wso2.com> wrote: > > > On Wed, Mar 1, 2017 at 9:04 PM, Thanuja Jayasinghe <than...@wso2.com> > wrote: > >> Hi Pulasthi, >> >> The best approach is to ask Alice to log-out when she leaves the browser. >> > > Bad Alice, never does that... > > Thanks & regards, > -Prabath > > >> >> Or from the application side, we can give an option like "fresh-login" >> which sends a "forceAuth=true" request to the IS. So he will go through the >> authentication process again. >> >> Thanks, >> Thanuja >> >> >> On Thu, Mar 2, 2017 at 3:14 AM, Pulasthi Mahawithana <pulast...@wso2.com> >> wrote: >> >>> In IS 5.3.0, I have configured the authentication flow for an >>> application to have 3 steps. During the authentication flow, the users may >>> remember the result of the first two steps (using cookies) in their initial >>> login. So, in subsequent logins they'll see the third step straight away in >>> which they always need to get authenticated. >>> >>> Let's say 'Alice' logs in and remember the result for the first two >>> steps and finish her work. After some time 'Bob' also use the same browser >>> and try to login. He won't see the first two steps because there is an >>> already remembered result from Alice's login. But in the third step he >>> can't authenticate because he doesn't know Alice's credentials (and he >>> intend to login as 'Bob'). So he needs to start over the flow as 'Bob'. >>> When he does so, at IS, we should clear the remembered results for 'Alice' >>> and allow the the user to try with a different username (This time he >>> should get authenticated from all 3 steps). How can we achieve this >>> requirement? Is there a known approach? >>> >>> >>> -- >>> *Pulasthi Mahawithana* >>> Senior Software Engineer >>> WSO2 Inc., http://wso2.com/ >>> Mobile: +94-71-5179022 <+94%2071%20517%209022> >>> Blog: https://medium.com/@pulasthi7/ >>> >>> <https://wso2.com/signature> >>> >>> _______________________________________________ >>> Dev mailing list >>> Dev@wso2.org >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> >> -- >> *Thanuja Lakmal* >> Senior Software Engineer >> WSO2 Inc. http://wso2.com/ >> *lean.enterprise.middleware* >> Mobile: +94715979891 +94758009992 >> > > > > -- > Thanks & Regards, > Prabath > > Twitter : @prabath > LinkedIn : http://www.linkedin.com/in/prabathsiriwardena > > Mobile : +1 650 625 7950 <+1%20650-625-7950> > > http://facilelogin.com > -- Thanks & Regards, Dulanja Liyanage Lead, Platform Security Team WSO2 Inc.
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
