[
https://issues.apache.org/jira/browse/FEDIZ-20?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Juan Manuel CABRERA updated FEDIZ-20:
-------------------------------------
Issue Type: Improvement (was: New Feature)
> IDP should maintain authentication state
> ----------------------------------------
>
> Key: FEDIZ-20
> URL: https://issues.apache.org/jira/browse/FEDIZ-20
> Project: CXF-Fediz
> Issue Type: Improvement
> Components: IDP
> Affects Versions: 1.0.0
> Reporter: Juan Manuel CABRERA
>
> The IDP relies on the browser to cache the end user's credentials (classical
> way to work for a HTTP Basic authentication).
> So in the IDP there is no way to kill a end user session without killing the
> browser.
> The IDP should maintain these credentials (or better : the proof that these
> credentials were checked at some point - i.e. a token).
> If for instance this token is stored in the HTTP session, the IDP will then
> be capable of removing it from the session, effectively killing the
> authentication and forcing the end user to enter again his credentials.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
