[Openid-specs-ab] Front Channel Logout URI ?

Mike Schwartz mike at gluu.org
Thu Nov 12 15:07:26 UTC 2015 

Mike Jones,

Sorry, this makes no sense to us. We added a new OP Discovery param 
"end_session_page" and are proceeding with that because your solution is 
unworkable.

end_session_endpoint has a post_logout_redirect_uri parameter. This 
endpoint must send a redirect response to the post_logout_redirect_uri 
after logout and NOT return page (with iframe).

- Mike Schwartz


-------- Original Message --------
Subject: Re: Fwd: RE: [Openid-specs-ab] Front Channel Logout URI ?
Date: 2015-11-03 07:23
 From: yuriy at gluu.org
To: Mike Schwartz <mike at gluu.org>

I don't understand it.


> -------- Original Message --------
> Subject: RE: [Openid-specs-ab] Front Channel Logout URI ?
> Date: 2015-11-02 18:32
> From: Mike Jones <Michael.Jones at microsoft.com>
> To: Mike Schwartz <mike at gluu.org>, "openid-specs-ab at lists.openid.net"
> <openid-specs-ab at lists.openid.net>
> 
> Yes, the end_session_endpoint OP discovery URL can be used by RPs to
> trigger logout at the OP.  This is true for all three of the session
> management/logout specifications.  This functionality is shared
> between all of them.  There's no "differentiation", by design.
> 
> Answering your specific question, it's up to the OP whether it renders
> the front channel logout iframes in the page at the location specified
> by end_session_endpoint OP discovery URL or a different page at an
> unspecified URL controlled by the OP that it redirects to.
> 
> 				-- Mike
> 
> -----Original Message-----
> From: Openid-specs-ab
> [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Mike
> Schwartz
> Sent: Tuesday, November 03, 2015 3:48 AM
> To: openid-specs-ab at lists.openid.net
> Subject: Re: [Openid-specs-ab] Front Channel Logout URI ?
> 
> 
> Mike Jones,
> 
> Are you suggesting that the "end_session_endpoint" OP discovery claim
> would return this page with the iframe(s) in it? If so, how would one
> differentiate it from the session management API?
> 
> - Mike
> 
> 
>> I should have been more specific...
>> 
>> http://openid.net/specs/openid-connect-logout-1_0.html
>> mentions that the OP renders <iframe src="logout_uri"> in a **page**
>> 
>> What is the url of the **page** on the OP? The logout_uri is defined
>> as a resouce on the RP. How would the RP retrieve this **page**?
>> 
>> - Mike Schwartz
>> 
> 
> -------------------------------------
> Michael Schwartz
> Gluu
> Founder / CEO
> mike at gluu.org
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab

-- 
-------------------------------------
Michael Schwartz
Gluu
Founder / CEO
mike at gluu.org

More information about the Openid-specs-ab mailing list