WSO2 单点注销实现 [英] WSO2 Single Logout implementation

问题描述

我正在尝试在我的 java webapp 中实现 WSO2 单一注销功能.
我无法理解这件事:

I'm trying to implement WSO2 Single Logout functionality in my java webapp.
And I cannot understand this thing:

我为我的 2 个发行人设置了 SAML 单一注销选项.

然后我为第一个服务提供商 (SP) 调用注销，IdP 使用 SAML 响应将其重定向到某个注销 url，SP 获取此请求并使 http 会话无效.

I set SAML Single Logout option for 2 my Issuers.

Then I call logout for first Service Provider (SP), IdP redirects it to some logout url with SAML Response, SP gets this request and invalidates http session.

第二个 SP 也通过 SAML 响应从 IdP 获取请求，但此请求中的 http 会话是 IdP 和 SP 之间的会话，我需要使 Web 浏览器和 SP 之间的会话无效.我怎样才能得到这个会话?

Second SP also gets request from IdP with SAML Response, but http session in this request is a session between IdP and SP, and I need to invalidate session between web browser and SP. How can I get this session?

推荐答案

您需要做的是手动跟踪哪个 http 会话与哪个 sessionSAMLIndex 相关联(您在登录时的断言中得到这个).也许 Map

What you need to do is to manually keep track over what http session is associated with what sessionSAMLIndex(you get this in the assertion at login). Perhaps Map<String, HttpSession>

LogoutRequest 包含会话索引.当您获得 LogoutRequest 时，您会找到 http 会话并将其无效.

The LogoutRequest contains the session index. When you get the LogoutRequest, you find the http session and invalidate it.

这篇关于WSO2 单点注销实现的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！