OpenID Plugin: allow max_sessions #371

nynymike · 2019-10-25T03:47:05Z

Some customers would like to limit the number of sessions a person can have active.

For example, consider this use case:

User navigates to website with Browser 1 (session 1)
User navigates to website with Browser 2 (session 2)
GG prompts user: Do you want to terminate Session 1?
GG performs back-channel logout of session 1

altexy · 2019-10-25T06:48:23Z

@nynymike
To implement this feature we need shared storage like Redis.
It would be harder to support/deploy GG, similar to true rate-limiting.

Also not sure what we may use for back-channel logout:
https://gluu.org/docs/oxd/4.0/api/#get-logout-uri

The get_logout_uri command uses front-channel logout.

nynymike · 2019-10-25T08:14:58Z

This feature is a placeholder. I don't want to implment it right away. Agreed that we'd need a shared cache. Also, Gluu Server doesn't support back channel logout today.

nynymike added the enhancement label Oct 25, 2019

nynymike added this to the 4.1 milestone Oct 25, 2019

nynymike assigned altexy and ldeveloperl1985 Oct 25, 2019

altexy removed this from the 4.1 milestone Nov 12, 2019

ldeveloperl1985 added this to the 4.3 milestone Mar 12, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

OpenID Plugin: allow max_sessions #371

OpenID Plugin: allow max_sessions #371

nynymike commented Oct 25, 2019

altexy commented Oct 25, 2019

nynymike commented Oct 25, 2019

OpenID Plugin: allow max_sessions #371

OpenID Plugin: allow max_sessions #371

Comments

nynymike commented Oct 25, 2019

altexy commented Oct 25, 2019

nynymike commented Oct 25, 2019