[Openid-specs-ab] Front/back-channel logout notification after RP-initiated logout
Filip Skokan
panva.ip at gmail.com
Mon Jul 2 15:25:31 UTC 2018
On Wed, Jan 17 I asked a question touching the same topic, altho that
question was probably misunderstood based on the anwer the relevant part of
your own answer was
My suggestion is to stick to the assumed contract between RP and OP. If
> a user gets effectively logged out for the concerned RP, regardless of
> how that came about, always notify the RP.
Mike Jones agreed on this and my own implementation now proceeds with front
and backchannel for all visited RPs if the prompt to OP logout is
confirmed, and only for the one RP that triggered the logout if not.
S pozdravem,
*Filip Skokan*
On Mon, Jul 2, 2018 at 4:51 PM Vladimir Dzhuvinov via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:
> We are having the following use case and I was wondering what the proper
> action here is:
>
> * RP registered for front and / or back-channel logout
>
> * RP makes RP-initiated logout request to the OP, per
> http://openid.net/specs/openid-connect-session-1_0.html#RPLogout
>
> * The end-user confirms (or not) logout from the OP as well
>
> * Should the OP then proceed with front / back-channel logout?
>
>
> Thanks,
>
> Vladimir
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20180702/72363f41/attachment.html>
More information about the Openid-specs-ab
mailing list