Changes

Single Logout in Shibboleth IdP

2,801 bytes added, 18 August 2009, 11:47
UI customization
== UI customization ==
The UI is located in two JSP files:
* <code>sloQuestion.jsp</code> is the page where the user chooses whether she wants to log out from all service providers or only from the provider she came from.
* <code>sloController.jsp</code> is the logout UI where every session participant and their corresponding logout status is shown. At the end of the logout process, the user is notified if the single logout was completed.
 
=== How it works ===
==== SLOServlet ====
The heart of the logout process is the <code>SLOServlet</code>. This servlet is responsible for these actions:
 
* rendering the logout question and controller page
* initiating front-channel or back-channel logout to one SP (<code>SLOServlet?logout&entityID=...</code>)
* returning the logout status as a JSON string (<code>SLOServlet?status</code>)
 
==== With javascript ====
The controller renders a page where an iframe is placed for every active session participant. This iframe calls the <code>SLOServlet?logout&entityID=...</code> URL where the logout request is issued for the given session participant. If the request is front-channel, the iframe will make a front-channel SAML message exchange with the peer (using HTTP-Redirect or POST bindings).
 
The status of the single logout process is queried via asynchronous requests. The status response from <code>SLOServlet</code> is a JSON array. This JSON array contains one object with the <code>entityID</code> and <code>logoutStatus</code> properties for each session participant.
 
The logout status can be one of the following:
* <code>LOGGED_IN</code>: logout is not initiated for this participant yet.
* <code>LOGOUT_ATTEMPTED</code>: logout was initiated.
* <code>LOGOUT_FAILED</code>: logout failed.
* <code>LOGOUT_UNSUPPORTED</code>: SAML2 logout is not supported by the participant (the metadata does not contain the necessary endpoints).
 
Status queries are issued using exponential backoff timing, until the timeout is reached. Please see the <code>sloController.jsp</code> for the exact timing used.
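The status handling and backoff timing described above, as an added example that is not the project's own <code>sloController.jsp</code> code. It assumes that a participant which has completed logout is no longer reported in the status array, that a <code>LOGOUT_UNSUPPORTED</code> participant counts against overall success, and that the delay and timeout values are illustrative; the status names and the JSON shape are those given on this page.

```javascript
const PENDING = new Set(['LOGGED_IN', 'LOGOUT_ATTEMPTED']);
// Classify one SLOServlet?status response: an array of {entityID, logoutStatus}.
// Assumption: a participant that has completed logout is no longer reported.
function summarizeStatus(participants) {
  const s = { pending: 0, failed: 0, unsupported: 0, outcome: 'succeeded' };
  for (const p of participants) {
    if (PENDING.has(p.logoutStatus)) s.pending++;
    else if (p.logoutStatus === 'LOGOUT_FAILED') s.failed++;
    else if (p.logoutStatus === 'LOGOUT_UNSUPPORTED') s.unsupported++;
  }
  if (s.pending > 0) s.outcome = 'pending';
  else if (s.failed > 0 || s.unsupported > 0) s.outcome = 'failed';
  return s;
}
// Delays between status queries: doubling from initialMs, capped at maxMs, cut off at timeoutMs.
function backoffSchedule(initialMs, maxMs, timeoutMs) {
  const delays = [];
  let delay = initialMs, total = 0;
  while (total + delay <= timeoutMs) {
    delays.push(delay);
    total += delay;
    delay = Math.min(delay * 2, maxMs);
  }
  return delays;
}
// Drive the polling. fetchStatus() stands in for the browser's asynchronous request and is
// synchronous here so a run can be checked offline; a real page would setTimeout the next query.
function runPolling(fetchStatus, opts = {}) {
  const { initialMs = 500, maxMs = 8000, timeoutMs = 30000 } = opts;
  const schedule = backoffSchedule(initialMs, maxMs, timeoutMs);
  let polls = 0;
  for (;;) {
    const summary = summarizeStatus(fetchStatus());
    polls++;
    if (summary.outcome !== 'pending') return { ...summary, polls, timedOut: false };
    if (polls > schedule.length) return { ...summary, polls, timedOut: true };
  }
}
// Constructed sample: sp1 completes after the first query, sp2 fails on the third.
function sampleRun() {
  const responses = [
    [{ entityID: 'https://sp1.example.org', logoutStatus: 'LOGOUT_ATTEMPTED' },
     { entityID: 'https://sp2.example.org', logoutStatus: 'LOGGED_IN' }],
    [{ entityID: 'https://sp2.example.org', logoutStatus: 'LOGOUT_ATTEMPTED' }],
    [{ entityID: 'https://sp2.example.org', logoutStatus: 'LOGOUT_FAILED' }],
  ];
  let i = 0;
  return runPolling(() => responses[Math.min(i++, responses.length - 1)]);
}
```

With the default values the schedule is 500, 1000, 2000, 4000, 8000, 8000 ms (six queries after the first), after which a participant still reported as pending triggers the timeout outcome.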
 
==== Without javascript ====
The controller renders an HTML page with <code><noscript></code> tags. There is one link for each session participant, each of which can initiate the logout process for that participant (see above for details). Depending on the current logout status, several other controls are enabled on the page:
* <code>Refresh</code> button, which will reload the controller HTML with the current status icons.
* <code>Logout failed</code> message when logout process was finished, and there was at least one failed session participant.
* <code>Logout succeeded</code> message when logout process was finished, and all session participants completed the logout.
 
With javascript disabled, no timeout can be enforced, so if one session participant fails to respond, the user gets stuck on the status page.
 
=== Logout status query ===