[Openid-specs-ab] Front/back-channel logout notification after RP-initiated logout
Vladimir Dzhuvinov
vladimir at connect2id.com
Tue Jul 3 15:57:45 UTC 2018
Thanks Filip, I now recalled that :)
On 02/07/18 18:25, Filip Skokan wrote:
> On Wed, Jan 17 I asked a question touching the same topic, altho that
> question was probably misunderstood based on the anwer the relevant part of
> your own answer was
>
> My suggestion is to stick to the assumed contract between RP and OP. If
>> a user gets effectively logged out for the concerned RP, regardless of
>> how that came about, always notify the RP.
>
> Mike Jones agreed on this and my own implementation now proceeds with front
> and backchannel for all visited RPs if the prompt to OP logout is
> confirmed, and only for the one RP that triggered the logout if not.
>
> S pozdravem,
> *Filip Skokan*
>
>
> On Mon, Jul 2, 2018 at 4:51 PM Vladimir Dzhuvinov via Openid-specs-ab <
> openid-specs-ab at lists.openid.net> wrote:
>
>> We are having the following use case and I was wondering what the proper
>> action here is:
>>
>> * RP registered for front and / or back-channel logout
>>
>> * RP makes RP-initiated logout request to the OP, per
>> http://openid.net/specs/openid-connect-session-1_0.html#RPLogout
>>
>> * The end-user confirms (or not) logout from the OP as well
>>
>> * Should the OP then proceed with front / back-channel logout?
>>
>>
>> Thanks,
>>
>> Vladimir
>>
>>
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
More information about the Openid-specs-ab
mailing list