Módosítások

DrupalShibbolethReadmeDev

434 bájt törölve, 2009. szeptember 22., 10:10
Non-implemented features
* '''NameID management''': the IdP can request to change the user's NameID (targeted identifier) or to remove it.
* '''Logout notification''': this is a Shibboleth2 feature, not a SAML one. You generally do not need this, because you can terminate the Drupal session on Shibboleth session expiry. This workaround has the disadvantage that the module will not be notified at the time when the user was logged out, only on the next page refresh.
::<small>There is a known security problem of this workaround illustrated with this sequence:
::# User ''Alice'' logs in to Drupal (and to her IdP)
::# Session of ''Alice'' terminates at the SP
::# User ''Bob'' at the same browser logs into the same SP but to another application, thus he has a Shibboleth session
::# User ''Bob'' can access content in Drupal as ''Alice'' (without the roles derived from Alice's attributes) </small>
== Change log ==
A lap eredeti címe: „https://wiki.niif.hu/index.php?title=Speciális:MobileDiff/1215

Navigációs menü