New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement SSO from SP/IDP/oxAuth #46

Open
yurem opened this Issue Sep 18, 2018 · 4 comments

Comments

Projects
None yet
3 participants
@yurem
Contributor

yurem commented Sep 18, 2018

The entry point of logout flow should be: https://sp.gluu.org/Shibboleth.sso/Logout

@yurem yurem added this to the 3.1.5 milestone Sep 18, 2018

@yurem yurem assigned yurem and mzico Sep 18, 2018

@yurem

This comment has been minimized.

Contributor

yurem commented Nov 6, 2018

This is one of the working possible flows:
SP Logout -> https://[hostname]/idp/Authn/oxAuth/logout -> ./oxauth/restv1/end_session?… -> /idp/profile/Logout…

@mbaser

This comment has been minimized.

mbaser commented Nov 6, 2018

@yurem

This comment has been minimized.

Contributor

yurem commented Dec 12, 2018

Current Logout entry point is https://%(hostname)s/idp/Authn/oxAuth/logout
/idp/Authn/oxAuth do next:

  1. Send requests to oxAuth end_session session endpoint with post_logout_redirect_uri=https:///idp/profile/Logout
  2. After getting redirect from oxAuth to https:///idp/profile/Logout IDP do logout

If we need to call at the end SP logout https://sp.gluu.org/Shibboleth.sso/Logout we can change /opt/shibboleth-idp/views/logout.vm to call this endpoint.

With back-channel logout the flow will be simpler.

@mzico Let me know if we need to improve this flow in 4.0

@yurem yurem modified the milestones: 3.1.5, 4.0 Dec 12, 2018

@mzico

This comment has been minimized.

mzico commented Dec 12, 2018

@yurem : I have reports from two customers: number_1: Satisfied but want to customize the landing page. number_2: still testing. I think we are good to go with this solution you provided for now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment