Juan Manuel CABRERA created FEDIZ-20:
----------------------------------------

             Summary: IDP should maintain authentication state
                 Key: FEDIZ-20
                 URL: https://issues.apache.org/jira/browse/FEDIZ-20
             Project: CXF-Fediz
          Issue Type: New Feature
          Components: IDP
    Affects Versions: 1.0.0
            Reporter: Juan Manuel CABRERA


The IDP relies on the browser to cache the end user's credentials (classical 
way to work for a HTTP Basic authentication).
So in the IDP there is no way to kill a end user session without killing the 
browser.
The IDP should maintain these credentials (or better : the proof that these 
credentials were checked at some point - i.e. a token).
If for instance this token is stored in the HTTP session, the IDP will then be 
capable of removing it from the session, effectively killing the authentication 
and forcing the end user to enter again his credentials.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Reply via email to