本文介绍了如何销毁WSO2身份服务器中的身份验证会话?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我使用带有OpenId Connect协议的WSO2身份服务器进行身份验证。



当用户登录时,会创建一个会话以便下次记住用户。 / p>

我想知道如何销毁这个工作阶段。


  1. 不使用认证会话持久性:如果我理解得很好,在这种情况下会话使用commonAuthIdcookie保持。当网络浏览器关闭时,该cookie将被销毁。有没有其他方式注销,而不关闭Web浏览器?身份服务器上的注销页面?

  2. 使用身份验证会话持久性时:此问题的相同问题:用户可能注销的方式是什么?


解决方案

WSO2IS 5.0.0服务器不支持根据openid连接会话管理规范的openid连接注销。因此,没有标准的方法使用openid连接注销。但是有这方面的工作。您可以向查询参数 commonAuthLogout = true 的WSO2IS的 / commonauth 结束点发送请求。这将删除WSO2IS的SSO会话,并且可以注销。请找到您必须从。它会工作和解决你的问题


I'm using WSO2 Identity Server with OpenId Connect protocol for authentication.

When a user log in, a session is created to remember the user next time.

I would like to know the possible ways to destroy this session.

  1. When Authentication Session persistence is not used : if i understood well, in this case the session is kept using the "commonAuthId" cookie. This cookie will be destroyed when the web browser is closed. Is there any other way to "log out" without closing the web browser ? A log out page on Identity Server ? a web service to call in Identity Server API ?
  2. When Authentication Session persistence is used : Same question for this case : What are the possible way for the user to log out ?
解决方案

WSO2IS 5.0.0 server does not support openid connect logout according to the openid connect session management specification. Therefore there is no standard way to logout using openid connect. But there is work around for this. You can send a request to /commonauth end point of the WSO2IS with query parameter commonAuthLogout=true. This removes the SSO session of the WSO2IS and logout can be achieved. Please find the complete request that you must send to /commonauth from here. It would work and solve your problem

这篇关于如何销毁WSO2身份服务器中的身份验证会话?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-18 21:39