[Openid-specs-ab] Front Channel Logout URI ?

Thomas Broyer t.broyer at gmail.com
Fri Nov 13 16:55:25 UTC 2015 

I don't remember the details of that thread mentioned by Justin, but
"onload" in JS is supposed to fire *after* all iframes have loaded:
https://jsfiddle.net/1hLovbj1/
…and the same is supposed to be true of "meta refresh".

On Thu, Nov 12, 2015 at 11:42 PM Chuck Mortimore <cmortimore at salesforce.com>
wrote:

> Register onload events for the child iframes, and fire your redirect once
> you have confidence or have given up.
>
> -cmort
>
> On Thu, Nov 12, 2015 at 2:32 PM, Mike Schwartz <mike at gluu.org> wrote:
>
>> Justin,
>>
>> Let's say we redirect with Javascript right after the page loads. The
>> iframe is detached from the parent html, so how do we know if the iframe
>> started to load before we redirect?
>>
>> Overloading one endpoint with lots of features seems complex.
>> What was the reason for this design?
>>
>> - Mike
>>
>>
>>
>> On 2015-11-12 10:49, Justin Richer wrote:
>>
>>> What's confusing about the current setup?
>>>
>>> 1) RP sends the user to the IdP's "end_session_endpoint" in the browser.
>>>
>>> 2) IdP loads a page there that includes IFrames to every active RP's
>>> "logout_uri".
>>>
>>> 3) IdP then sends a redirect to the original requesting RP's
>>> "post_logout_redirect_uri".
>>>
>>> There's nothing in the spec that even hints that the
>>> "end_session_endpoint" page not be rendered, as you hint below. In
>>> fact, the specs speak of multiple interactions including prompting the
>>> user for logout, which would require rendering a page.
>>>
>>> In the end, you're about to invent something that already exists, but
>>> do so under a different name so that your software isn't compatible
>>> with anyone else's. I wouldn't recommend that approach.
>>>
>>>  -- Justin
>>>
>>> On 11/12/2015 10:07 AM, Mike Schwartz wrote:
>>>
>>>> Mike Jones,
>>>>
>>>> Sorry, this makes no sense to us. We added a new OP Discovery param
>>>> "end_session_page" and are proceeding with that because your solution is
>>>> unworkable.
>>>>
>>>> end_session_endpoint has a post_logout_redirect_uri parameter. This
>>>> endpoint must send a redirect response to the post_logout_redirect_uri
>>>> after logout and NOT return page (with iframe).
>>>>
>>>> - Mike Schwartz
>>>>
>>>>
>>>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20151113/d558d080/attachment.html>

More information about the Openid-specs-ab mailing list