2014-08-29
Shibboleth Developer's Meeting, August 29, 2014
Call Administrivia
10:00 Central US / 11:00 Eastern US / 16:00 UK
This week's call will use the Lync system at OSU on an experimental basis. To participate, call:
- +1 (614) 688-1800 (please use if possible)
- +1 (800) 678-6114 (use only if you're charged for the 614 number)
The Conference ID is: 738127#
International participants should be able to access the 800 number without charge through Skype.
Fallback Call Details
If the above doesn't work out, we will fall back to the previous system at 15 minutes past the hour.
Attendees:
Brent
Daniel
Ian
Rod
Scott
Working on logout, see IDP-224 for a design writeup.
Basic "redirect to IdP to clear session" logout is working, with new templates displaying a list of active services. Splitting that from the non-SAML flow will make code much simpler to follow.
Working on SAML 2 SLO flow mirroring the 2.4 implementation. Session cache design mostly working, minor tweaks are needed, but I'm able to look up the sessions properly.
Plan is to add SPSession subtype-specific subflows to optionally run that populate a RelyingPartyContext for each service associated with sessions being logged out (i.e. to look up metadata, for UI extensions on logout template). This could get expensive (think 20+ services) but will be optional.
Then my plan is to implement a lookup map in the Java session assigning a random key to each SPSession. Eventually this can be used to generate callbacks in a frame to run a special webflow with the random key as a parameter. The flow would look up the SPSession and do "the right thing" for that type of session to log it out. No idea how to pull off that UI, but increasingly think a major issue will be generating a response to the originating SAML SP right away instead of waiting to complete all the other logouts.
Tom
Other