Baseline for OpenID Connect Logout #1882
base: 2.x
Regarding RP-Initiated support, the mechanism is going to pass the The following logout parameters are not going to be supported:
In terms of configuration, we might need the following options:
c20dde1 to 05456d7
@fjuma Marking the PR as ready for review. Please let me know if you want me to update the commit message with the appropriate issue/jira.
@fjuma W.r.t. back-channel logout, the solution is as follows:
The limit of the bounded map can be set through a configuration option. By default, we can store
Do we have this fix in any released version, please? @pedroigor @fjuma @Skyllarr
@ssingh-cls This hasn't been included in a release yet.
Thank you @fjuma for the quick reply. Do you have any plan to include this feature in a future release? Also, to clarify: to log out from the OIDC server for now, do we have any workaround via an existing wildfly-elytron release, or do we have to rely on other options provided by OIDC, such as using their SDK API?
@ssingh-cls Yes, we are planning on including this in a future release, please keep an eye on https://issues.redhat.com/browse/ELY-2534 (or this PR) for more updates. I don't think there are any workarounds for RP-Initiated logout, front-channel logout, and back-channel logout in the meantime.
Thank you very much @fjuma for providing this update.
Greetings,
Hi @rioy-soptim, apologies for the delay. We'd like to return to getting this reviewed and determining if any corresponding attributes are needed in the
Hi @pedroigor, thanks again for this PR! I'm finally going to be picking this up and will look at the configuration options that we should add. Just wanted to ask about the comments about testing in the PR description. Did you end up working on any tests outside of what's in this PR?
The scope is:
In terms of testing, we are going to have some minimal level of testing on our side too. Unlike here, we are going to run integration tests (running WildFly).
I should mark the PR ready to review as soon as our testsuite is ready to test Elytron OIDC.
I should also be running some more tests to check what is missing (or failing) from recommended security practices for logout.