Re: [Architecture] Supporting OpenId-Connect Session Management
Hi folks, Just saw this thread and as Dulanja mentioned, implementing session management spec is should be our one of top priority on our roadmap for OAuth\OIDC area. I have started a thread on Dev [1] on some user stories which clients expects from a IdP and it seems without having OIDC session management spec implemented, IdP can only handle very limited functionalities. [1] Subject : [Dev] Single Logout for OIDC Service Providers Thanks, Darshana On Sun, Dec 14, 2014 at 6:46 PM, Dulanja Liyanage wrote: > > +1 > > When compared to SAML web authentication, the major functionality missing > in the current OpenID Connect implementation is the logout capability. > > IMO we must at least provide that from session management spec. > > On Fri, Dec 12, 2014 at 3:45 PM, Asela Pathberiya wrote: > >> Hi Prabath/Johann, >> >> It seems to be that we are supporting only the openid connect core >> specification. Is there any idea to support other profiles such as >> session management [1] ? If we are supporting this [1] profile.. I >> hope that we can easily implement end to end web SSO with OpenID >> connect with out using SAML? Also.I think, It would be easy to >> support this [1] profile in Identity Server. I am sorry... I can not >> find any OpenId connect profiles in Identity Server road map except >> the core. It seems to be that most of the other Identity Providers are >> supporting them. Any idea to add this in to Identity Server's road >> map soon? >> >> [1] http://openid.net/specs/openid-connect-session-1_0.html >> [2] >> http://stackoverflow.com/questions/21248519/openid-connect-will-eventually-replace-saml-as-the-dominant-protocol-for-sso >> >> Thanks, >> Asela. >> >> -- >> Thanks & Regards, >> Asela >> >> ATL >> Mobile : +94 777 625 933 >> +358 449 228 979 >> ___ >> Architecture mailing list >> Architecture@wso2.org >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> > > > -- > Dulanja Liyanage > WSO2 Inc. > M: +94776764717 > > ___ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Regards, *Darshana Gunawardana*Software Engineer WSO2 Inc.; http://wso2.com *E-mail: darsh...@wso2.com * *Mobile: +94718566859 <%2B94718566859>*Lean . Enterprise . Middleware ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] Supporting OpenId-Connect Session Management
+1 When compared to SAML web authentication, the major functionality missing in the current OpenID Connect implementation is the logout capability. IMO we must at least provide that from session management spec. On Fri, Dec 12, 2014 at 3:45 PM, Asela Pathberiya wrote: > > Hi Prabath/Johann, > > It seems to be that we are supporting only the openid connect core > specification. Is there any idea to support other profiles such as > session management [1] ? If we are supporting this [1] profile.. I > hope that we can easily implement end to end web SSO with OpenID > connect with out using SAML? Also.I think, It would be easy to > support this [1] profile in Identity Server. I am sorry... I can not > find any OpenId connect profiles in Identity Server road map except > the core. It seems to be that most of the other Identity Providers are > supporting them. Any idea to add this in to Identity Server's road > map soon? > > [1] http://openid.net/specs/openid-connect-session-1_0.html > [2] > http://stackoverflow.com/questions/21248519/openid-connect-will-eventually-replace-saml-as-the-dominant-protocol-for-sso > > Thanks, > Asela. > > -- > Thanks & Regards, > Asela > > ATL > Mobile : +94 777 625 933 > +358 449 228 979 > ___ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > -- Dulanja Liyanage WSO2 Inc. M: +94776764717 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] Supporting OpenId-Connect Session Management
+1 for adding openid connect session management for Identity Server road map also there are other profiles like Discovery and Registration which are need to be implemented in near future. Currently we have a limitation to provide public key to client side without Discovery and Registration profiles. [3]http://openid.net/specs/openid-connect-discovery-1_0.html [4]http://openid.net/specs/openid-connect-registration-1_0.html On Fri, Dec 12, 2014 at 3:45 PM, Asela Pathberiya wrote: > > Hi Prabath/Johann, > > It seems to be that we are supporting only the openid connect core > specification. Is there any idea to support other profiles such as > session management [1] ? If we are supporting this [1] profile.. I > hope that we can easily implement end to end web SSO with OpenID > connect with out using SAML? Also.I think, It would be easy to > support this [1] profile in Identity Server. I am sorry... I can not > find any OpenId connect profiles in Identity Server road map except > the core. It seems to be that most of the other Identity Providers are > supporting them. Any idea to add this in to Identity Server's road > map soon? > > [1] http://openid.net/specs/openid-connect-session-1_0.html > [2] > http://stackoverflow.com/questions/21248519/openid-connect-will-eventually-replace-saml-as-the-dominant-protocol-for-sso > > Thanks, > Asela. > > -- > Thanks & Regards, > Asela > > ATL > Mobile : +94 777 625 933 > +358 449 228 979 > ___ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > -- Gayan Gunawardana Software Engineer; WSO2 Inc.; http://wso2.com/ Email: ga...@wso2.com Mobile: +94 (71) 8020933 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
[Architecture] Supporting OpenId-Connect Session Management
Hi Prabath/Johann, It seems to be that we are supporting only the openid connect core specification. Is there any idea to support other profiles such as session management [1] ? If we are supporting this [1] profile.. I hope that we can easily implement end to end web SSO with OpenID connect with out using SAML? Also.I think, It would be easy to support this [1] profile in Identity Server. I am sorry... I can not find any OpenId connect profiles in Identity Server road map except the core. It seems to be that most of the other Identity Providers are supporting them. Any idea to add this in to Identity Server's road map soon? [1] http://openid.net/specs/openid-connect-session-1_0.html [2] http://stackoverflow.com/questions/21248519/openid-connect-will-eventually-replace-saml-as-the-dominant-protocol-for-sso Thanks, Asela. -- Thanks & Regards, Asela ATL Mobile : +94 777 625 933 +358 449 228 979 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
