I use SSO in JBoss for IDP using Picketlink, I don’t have much experience with corporate java security, so I need to make a global logout for the user at some event or timeout. For example, the user started the form, but did not feel it after 5 minutes - I want to force a global exit from the code.
It is usually very simple to do a global logout by simply adding “GLO = true” to the logout URL and then running SSO Valve. But how can I call it from the code when the user is not connected to the browser?
I tried to browse inside Picketlink code, while there is a createLogoutRequest method inside SAML2Request. I still do not understand what to do with him, how to send him, where to send him. Please advice.
source
share