[Openid-specs-ab] Front Channel Logout URI ?

Chuck Mortimore cmortimore at salesforce.com
Thu Nov 12 22:36:56 UTC 2015 

Register onload events for the child iframes, and fire your redirect once
you have confidence or have given up.

-cmort

On Thu, Nov 12, 2015 at 2:32 PM, Mike Schwartz <mike at gluu.org> wrote:

> Justin,
>
> Let's say we redirect with Javascript right after the page loads. The
> iframe is detached from the parent html, so how do we know if the iframe
> started to load before we redirect?
>
> Overloading one endpoint with lots of features seems complex.
> What was the reason for this design?
>
> - Mike
>
>
>
> On 2015-11-12 10:49, Justin Richer wrote:
>
>> What's confusing about the current setup?
>>
>> 1) RP sends the user to the IdP's "end_session_endpoint" in the browser.
>>
>> 2) IdP loads a page there that includes IFrames to every active RP's
>> "logout_uri".
>>
>> 3) IdP then sends a redirect to the original requesting RP's
>> "post_logout_redirect_uri".
>>
>> There's nothing in the spec that even hints that the
>> "end_session_endpoint" page not be rendered, as you hint below. In
>> fact, the specs speak of multiple interactions including prompting the
>> user for logout, which would require rendering a page.
>>
>> In the end, you're about to invent something that already exists, but
>> do so under a different name so that your software isn't compatible
>> with anyone else's. I wouldn't recommend that approach.
>>
>>  -- Justin
>>
>> On 11/12/2015 10:07 AM, Mike Schwartz wrote:
>>
>>> Mike Jones,
>>>
>>> Sorry, this makes no sense to us. We added a new OP Discovery param
>>> "end_session_page" and are proceeding with that because your solution is
>>> unworkable.
>>>
>>> end_session_endpoint has a post_logout_redirect_uri parameter. This
>>> endpoint must send a redirect response to the post_logout_redirect_uri
>>> after logout and NOT return page (with iframe).
>>>
>>> - Mike Schwartz
>>>
>>>
>>> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20151112/fda0fdaa/attachment.html>

More information about the Openid-specs-ab mailing list