[ https://issues.apache.org/jira/browse/FEDIZ-207?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sergey Beryozkin updated FEDIZ-207:
-----------------------------------
    Attachment: fediz207.txt

This is a 1.4.x patch. Is there a reason it should only go to the master? I'm 
pretty sure the only custom FedizPrincipal impl that is really affected here is 
the test one in the core. The global logout needs to work in 1.4.x.

> FedizPrincipal interface needs to have getId() method
> -----------------------------------------------------
>
>                 Key: FEDIZ-207
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-207
>             Project: CXF-Fediz
>          Issue Type: Improvement
>          Components: IDP, Plugin
>            Reporter: Sergey Beryozkin
>         Attachments: fediz207.txt
>
>
> OIDC IDToken generates a random IdToken SubjectId value when it converts the 
> values found in the FedizPrincipal's SAML token. The problem is that every 
> time the user comes in, a new subjectId is generated for the id token, while 
> this value is actually expected to be identical for a given user. 
> The immediate problem we face is that every client application gets an 
> IdToken for a user 'alice' with a different subjectId; thus, during the 
> global logout, it is impossible for each of these client applications to 
> identify, from the logout token, which user to log out, because when OIDC 
> LogoutService creates a logout token it uses FedizSubjectCreator to create a 
> new IdToken with a newly generated subject id.
> One way to solve this is to start hacking a solution involving saving it in a 
> session id and then taking care of removing it from the session on the logout, 
> but given that every Fediz plugin takes care of dealing with FedizPrincipal, 
> it is better to keep 'id' at the FedizPrincipal level.
> Updating the interface with getId() will only affect the plugins and not the 
> user code. Each plugin will use UUID to generate it.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

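The failure mode described in the issue, shown as an added example that is not part of this thread or of the CXF-Fediz code base. The types FedizPrincipal, SessionPrincipal, Token, SubjectCreator, ClientApp and Fediz207Demo are hypothetical minimal stand-ins; only the getId() method mirrors the addition proposed in FEDIZ-207. The example issues an id token and then a logout token for the same principal twice: once with a subject creator that mints a fresh UUID per token (the behaviour the issue reports), and once with the subject taken from the principal, and shows which of the two lets a client application find the session to terminate.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

// Hypothetical minimal stand-in for the Fediz interface discussed in the issue.
// Not the project's own API; only getId() reflects the proposed addition.
interface FedizPrincipal {
    String getName();
    String getId(); // stable for the lifetime of this authenticated principal
}

// Plugin-side principal (hypothetical): the id is generated once, when the
// principal is built from the SAML token at login, and reused after that.
final class SessionPrincipal implements FedizPrincipal {
    private final String name;
    private final String id = UUID.randomUUID().toString();
    SessionPrincipal(String name) { this.name = name; }
    public String getName() { return name; }
    public String getId() { return id; }
}

// A token reduced to a flat claim map; enough to compare the "sub" claim.
final class Token {
    final Map<String, String> claims = new HashMap<>();
    String sub() { return claims.get("sub"); }
}

final class SubjectCreator {
    // Behaviour the issue reports: a new subject id is minted every time a
    // token is created, so an id token and a later logout token never match.
    static Token createWithRandomSubject(FedizPrincipal p, String typ) {
        Token t = new Token();
        t.claims.put("typ", typ);
        t.claims.put("name", p.getName());
        t.claims.put("sub", UUID.randomUUID().toString());
        return t;
    }

    // Proposed behaviour: "sub" comes from the principal, so every token
    // derived from the same login carries the same value.
    static Token createWithPrincipalId(FedizPrincipal p, String typ) {
        Token t = new Token();
        t.claims.put("typ", typ);
        t.claims.put("name", p.getName());
        t.claims.put("sub", p.getId());
        return t;
    }
}

// What a relying party does on global logout: look up the local session that
// was established with an id token carrying the same "sub" as the logout token.
final class ClientApp {
    private final Map<String, String> sessionBySub = new HashMap<>();
    void login(Token idToken, String sessionId) { sessionBySub.put(idToken.sub(), sessionId); }
    String sessionToTerminate(Token logoutToken) { return sessionBySub.get(logoutToken.sub()); }
}

public class Fediz207Demo {
    public static void main(String[] args) {
        FedizPrincipal alice = new SessionPrincipal("alice"); // constructed sample principal

        ClientApp randomSubjectClient = new ClientApp();
        randomSubjectClient.login(SubjectCreator.createWithRandomSubject(alice, "id"), "sess-1");
        Token randomLogout = SubjectCreator.createWithRandomSubject(alice, "logout");
        System.out.println("random sub per token -> session to terminate: "
                + randomSubjectClient.sessionToTerminate(randomLogout));

        ClientApp principalIdClient = new ClientApp();
        principalIdClient.login(SubjectCreator.createWithPrincipalId(alice, "id"), "sess-1");
        Token principalLogout = SubjectCreator.createWithPrincipalId(alice, "logout");
        System.out.println("sub from principal -> session to terminate: "
                + principalIdClient.sessionToTerminate(principalLogout));
    }
}
```

With a fresh UUID per token the first lookup returns null, so the client has no session to terminate and the global logout silently does nothing for that application; with the subject taken from the principal the second lookup returns the session established at login. One caveat a practitioner should keep in mind: a UUID generated per login, as the issue proposes, is constant across all tokens derived from that login, which is what logout correlation needs, but it is not a stable user identifier across separate logins, so client applications must not treat it as a durable account key.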