[ 
https://issues.apache.org/jira/browse/FEDIZ-20?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Juan Manuel CABRERA updated FEDIZ-20:
-------------------------------------

    Issue Type: Improvement  (was: New Feature)
    
> IDP should maintain authentication state
> ----------------------------------------
>
>                 Key: FEDIZ-20
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-20
>             Project: CXF-Fediz
>          Issue Type: Improvement
>          Components: IDP
>    Affects Versions: 1.0.0
>            Reporter: Juan Manuel CABRERA
>
> The IDP relies on the browser to cache the end user's credentials (classical 
> way to work for a HTTP Basic authentication).
> So in the IDP there is no way to kill a end user session without killing the 
> browser.
> The IDP should maintain these credentials (or better : the proof that these 
> credentials were checked at some point - i.e. a token).
> If for instance this token is stored in the HTTP session, the IDP will then 
> be capable of removing it from the session, effectively killing the 
> authentication and forcing the end user to enter again his credentials.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Reply via email to