...
OpenID Connect session management works with two hidden iframes, both of which reside at the RP. One is from the RP itself and the other is from the OP. When authenticating, the OP sends an iframe to the RP. The RP embeds this OP-provided iframe into the RP. The RP checks the session state via the RP iframe by continuously polling the embedded OP-provided iframe, without causing network traffic. Thereby, the RP is notified when the session state of the end user has changed. The flow is as follows.
- The RP iframe polls the OP iframe for a session status.
- The OP iframe sends back a post message (by using HTML5 Window.postMessage()) about the session state as 'changed', 'unchanged' or 'error'.
- If the session state is 'changed', the RP sends a passive request for re-authentication.
- If the end user has logged out from the OP, the RP will receive an authentication failure message along with a new session state value. The RP handles this as an end user logout.
- If the end user has not logged out, the RP will receive a successful authentication response along with a new session state value.
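
The polling round described above, as an added example that is not WSO2 code: the two iframe message handlers are modelled as pure functions so the logic can run outside a browser. The session_state layout follows the example in the OpenID Connect Session Management specification; the origins, client ID, browser-state strings and returned action labels are constructed for illustration.

```javascript
// Added example: models the RP and OP iframe handlers without a browser.
const { createHash } = require("crypto");

// Constructed sample values (assumptions, not from the page).
const OP_ORIGIN = "https://op.example.com";
const RP_ORIGIN = "https://rp.example.com";
const CLIENT_ID = "sample-client";

// session_state = SHA-256(client_id + " " + RP origin + " " + OP browser state + " " + salt) + "." + salt
function sessionState(clientId, origin, opBrowserState, salt) {
  const input = [clientId, origin, opBrowserState, salt].join(" ");
  return createHash("sha256").update(input).digest("hex") + "." + salt;
}

// OP iframe: receives "client_id session_state" and answers from local state only
// (opBrowserState stands in for the OP's session cookie), so no network request is made.
function opFrameOnMessage(event, opBrowserState) {
  const parts = typeof event.data === "string" ? event.data.split(" ") : [];
  if (parts.length !== 2) return "error";
  const [clientId, received] = parts;
  const salt = received.split(".")[1];
  if (!clientId || !salt) return "error";
  // The sender's origin is part of the hash, so another site cannot reuse the value.
  const expected = sessionState(clientId, event.origin, opBrowserState, salt);
  return received === expected ? "unchanged" : "changed";
}

// RP iframe: act only on replies whose origin is the OP's; ignore everything else.
function rpFrameOnMessage(event, opOrigin) {
  if (event.origin !== opOrigin) return "ignore";
  if (event.data === "unchanged") return "keep-polling";
  if (event.data === "changed") return "passive-reauth"; // OIDC request with prompt=none
  return "report-error"; // 'error' or an unexpected value: do not re-authenticate
}

// One polling round: RP iframe -> OP iframe -> RP iframe.
function pollOnce(storedSessionState, opBrowserState) {
  const request = { origin: RP_ORIGIN, data: CLIENT_ID + " " + storedSessionState };
  const reply = { origin: OP_ORIGIN, data: opFrameOnMessage(request, opBrowserState) };
  return rpFrameOnMessage(reply, OP_ORIGIN);
}
```

In a real page the two handlers are `message` event listeners and the request and reply travel through `postMessage` with an explicit target origin.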

To test this feature with the WSO2 Playground sample, see the Session Management with Playground topic.