...

The UI is also, to our understanding, not accessible and is apparently impossible to make accessible. Whether or not that is true, it is definitely not accessible by default, and no fixes for this have been provided. It is believed that hiding the propagation status reporting is accessible, and the idp.logout.propagationHidden property exists in V4.2+ to hide this reporting from the user, both for accessibility and because of the large number of false positives and negatives that are typically encountered. Finally, the

Preserving Parameters

The design of the logout feature does not support returning control of the user agent to any other system via a "return" parameter or similar mechanism. While this remains officially unsupported, the idp.logout.preserveQuery property can be set to true to cause any parameters on the original request to be preserved and made accessible via a ScratchContext object underneath the ProfileRequestContext.

Note

There are some issues to be cautious of with this approach:

  • Note that any kind of redirection strategy that is not constrained in some way will turn the IdP into an Open Redirector. The IdP does not provide any mitigation for that, which is why this is officially unsupported and not enabled by default.

  • Additionally, if you use the ScratchContext class for your own customizations, take care to avoid conflicts, and probably avoid using the context directly under the ProfileRequestContext, so that a query parameter cannot override internal state of your own that is held in that context.
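
One way to constrain a preserved parameter so that it cannot be used as an open redirect, shown as an added example that is not part of the IdP or of this documentation. The parameter name `return`, the allowlisted origins, and the `Map` standing in for whatever your customization reads out of the ScratchContext are all assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.Set;

/** Added example: accepts a preserved "return" value only on an exact-origin allowlist. */
public final class LogoutReturnValidator {

    // Hypothetical allowlist; an origin is scheme + host + optional explicit port.
    private static final Set<String> ALLOWED_ORIGINS =
            Set.of("https://portal.example.org", "https://apps.example.org:8443");

    /** Returns the target only if it is an absolute https URL on an allowed origin. */
    public static Optional<URI> safeTarget(Map<String, String> preservedParams) {
        String raw = preservedParams.get("return"); // hypothetical parameter name
        if (raw == null || raw.isBlank()) {
            return Optional.empty();
        }
        final URI uri;
        try {
            uri = new URI(raw.trim()); // strict parse: backslashes, spaces etc. are rejected
        } catch (URISyntaxException e) {
            return Optional.empty();
        }
        // Reject relative, scheme-relative ("//host"), opaque, non-https and userinfo forms.
        if (!"https".equalsIgnoreCase(uri.getScheme()) || uri.getHost() == null
                || uri.getRawUserInfo() != null) {
            return Optional.empty();
        }
        String origin = "https://" + uri.getHost().toLowerCase(Locale.ROOT)
                + (uri.getPort() == -1 ? "" : ":" + uri.getPort());
        return ALLOWED_ORIGINS.contains(origin) ? Optional.of(uri) : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: only the first is on the allowlist.
        String[] samples = {
            "https://portal.example.org/loggedout",
            "https://portal.example.org.other.example/x",
            "//portal.example.org/x",
            "https://portal.example.org@other.example/"
        };
        for (String s : samples) {
            System.out.println(s + " -> " + safeTarget(Map.of("return", s)).isPresent());
        }
    }
}
```

Comparing the full origin for equality, rather than testing a prefix or substring of the raw value, is what rejects the look-alike host and userinfo forms in the sample list.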

Browser Support

The SLO feature requires a fair bit of mature JavaScript support, but any browser that supports HTML5 LocalStorage should work (this use of LocalStorage is independent of the choice of storage service, and it applies even when server-side storage is used). While the SLO implementation is based on modern Web standards, browser features vary so greatly that it's hard to identify minimum browser requirements.

...