Make the inbound message issuer (SP's entity ID) available to logout.jsp
Key details
Basics
Logistics
Basics
Logistics
Description
When customizing logout.jsp for the SLO profile handler in 2.4.0, we encountered a shortcoming when trying to come up with an end-user comprehensible way of stating what kind of logout just happened atthe IdP.
Specifically, we can currently differentiate between these three cases:
1) there was only a session with a single SP, so we can let the user know that a full logout has happened
2) there are sessions with more than one SP, so we can only list all of them, without being able to determine for which SP the logout was actually successful, too
3) no IdP session was identified, so we tell the user something in the sense of "you are logged out"
To better handle case 2), it would be helpful if the inbound message issuer is accessible in logout.jsp as well. I'm attaching a proof of concept which did the trick for me.
Even if 2.4.1 is unlikely to show up anytime soon, it would be useful to know if/what mechanism can be expected to be available in upcoming 2.x - or even 3.x - releases (unless you think that this RFE is completely unreasonable).
When customizing logout.jsp for the SLO profile handler in 2.4.0, we encountered a shortcoming when trying to come up with an end-user comprehensible way of stating what kind of logout just happened atthe IdP.
Specifically, we can currently differentiate between these three cases:
1) there was only a session with a single SP, so we can let the user know that a full logout has happened
2) there are sessions with more than one SP, so we can only list all of them, without being able to determine for which SP the logout was actually successful, too
3) no IdP session was identified, so we tell the user something in the sense of "you are logged out"
To better handle case 2), it would be helpful if the inbound message issuer is accessible in logout.jsp as well. I'm attaching a proof of concept which did the trick for me.
Even if 2.4.1 is unlikely to show up anytime soon, it would be useful to know if/what mechanism can be expected to be available in upcoming 2.x - or even 3.x - releases (unless you think that this RFE is completely unreasonable).