5

I am using SSO in JBoss on IDP with Picketlink, don't have a lot of experience with enterprise java security, what I need to do is to force global log out for user on some event or timeout. For example user started form, but didn't feel it in 5 minutes - I want to force global log out from code.

Normally it's very easy to perform global log out, just adding "GLO=true" to URL for log out link and it's then catched by SSO Valve. But how can I call it from code when user is not connected with a browser?

Tried to view inside Picketlink code, while there is method createLogoutRequest inside SAML2Request I still don't understand what to do with it, how to send it, where to send it. Please advice.

Vik David
  • 3,640
  • 4
  • 21
  • 29
Alexander Ponomarenko
  • 559
  • 3
  • 8
  • As a Picketlink user, I'm curious as to why this would become necessary. Is this perhaps part of some failure path of an orchestration? – josh-cain Sep 25 '12 at 11:29
  • Currently I need it for session timeout, I have multiple web application inside JBoss with different session timeouts, while user is active in any of them - it pings all other sessions to keep them alive, and I want to have session listener that waits for session timeout in any of them and forces GLO. You might say that it's better to just make all session timeouts the same, but it's not an option, also I see few other scenarios where I might want to force logout user based on server logic decision. – Alexander Ponomarenko Sep 25 '12 at 13:31
  • Interesting. I hope you get an answer - I'd like to see if this is possible as well! – josh-cain Sep 26 '12 at 10:48

0 Answers0