[ https://issues.apache.org/jira/browse/FEDIZ-20?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Juan Manuel CABRERA updated FEDIZ-20: ------------------------------------- Issue Type: Improvement (was: New Feature) > IDP should maintain authentication state > ---------------------------------------- > > Key: FEDIZ-20 > URL: https://issues.apache.org/jira/browse/FEDIZ-20 > Project: CXF-Fediz > Issue Type: Improvement > Components: IDP > Affects Versions: 1.0.0 > Reporter: Juan Manuel CABRERA > > The IDP relies on the browser to cache the end user's credentials (classical > way to work for a HTTP Basic authentication). > So in the IDP there is no way to kill a end user session without killing the > browser. > The IDP should maintain these credentials (or better : the proof that these > credentials were checked at some point - i.e. a token). > If for instance this token is stored in the HTTP session, the IDP will then > be capable of removing it from the session, effectively killing the > authentication and forcing the end user to enter again his credentials. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira