Table of Contents |
---|
Used documentation
Cookbook/ materials | Version | Location |
---|---|---|
Identity & Authorization Management (I.AM) - Overview | 1.0 | https://www.ehealth.fgov.be/ehealthplatform/file/view/c87f7d093e56ff1054c73d6aae09e0bb?filename=ehealth_i.am_-_overv |
Technical specifications Identity & Authorization Management (I.AM)- Logout | 1.0 | https://www.ehealth.fgov.be/ehealthplatform/file/view/8f9881c65700081363c8922c5e7928da?filename=ehealth_i.am_-_logout |
Cookbook Identity & Authorization Management (I.AM) - SP Shibboleth | 1.0 | https://www.ehealth.fgov.be/ehealthplatform/file/view/9eae84bee7bf8370f12841558ed2308a?filename=ehealth_i.am_-_sp_shibboleth_v1.0.pdf |
NativeSPServiceLogout wiki page | old version (2010) | https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPServiceLogout |
NativeSPSingleLogoutService wiki page | 2018 | https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSingleLogoutService |
NativeSPLogoutInitiator wiki page | 2018 | https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPLogoutInitiator |
Issue 14 in JIRA | - |
General information
The local logout will disconnect the user only from the active application. He/she will still authenticated to the IDP.
In order to do a local logout in the mobile application, the user should do it via the following possibilities:
...
presses a button integrating the URL_local_logout: https://api.ehealth.fgov.be/auth/realms/{REGISTERED_REALM}/protocol/openid-connect/logout?redirect_uri={REGISTERED_APP_REDIRECT_URI}
...
.
...
Basic flow
Flow | Specification | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Use case ID | ATH-UC-08-BF | ||||||||||
Use case name | Local logout of a user from the mobile application via URL_local_logout | ||||||||||
Actors |
| ||||||||||
Short Description | This use case denotes the basic flow of the local logout use case. Indeed, it consists on the disconnection from the authorization server (called also the IAM connect). To logout eHealth I.AM Connect via OpenID, the logout request should sent via the following URL_local_logout: https://api.ehealth.fgov.be/auth/realms/{REGISTERED_REALM}/protocol/openid-connect/logout?redirect_uri={REGISTERED_APP_REDIRECT_URI}. | ||||||||||
Priority | 1 (High) Must have: The system must implement this goal/ assumption to be accepted. | ||||||||||
Pre-Conditions |
| ||||||||||
Post-Conditions |
| ||||||||||
Steps (basic flow) | 0 | The user accesses to the WebSSO based mobile application interface to locally logout | |||||||||
1 | The SP receives The user presses the logout button to disconnect him/herself from the SP | 2 | the logout request and asks the AS to end the active session via the URL_local_logout | 3 | The AS ends the active session and notifies the SP | 4 | The SP sends the response to the user | 5 | The user is logged out from the mobil application | Exceptions (exception flows) | |
Frequency |
|
Alternative flow 1
AS. A popup appears to ask him/her if he/she wants to do global logout. | ||
2 | The user declines to do a global logout and the application sends the logout request to the AS. | |
3 | The client |
Use case ID
ATH-UC-08-AF-01
Use case name
Local logout of a user by closing the mobile application
Actors
Citizen
- Healthcare giver
- Representative of an institution
Short Description
This use case denotes the basic flow of the local logout use case. Indeed, it consists on the disconnection from the authorization server (called also the IAM connect). To logout eHealth I.AM Connect via OpenID, the logout request should sent via the following URL_local_logout: https://api.ehealth.fgov.be/auth/realms/{REGISTERED_REALM}/protocol/openid-connect/logout?redirect_uri={REGISTERED_APP_REDIRECT_URI}.
1 (High)
Must have: The system must implement this goal/ assumption to be accepted.
Pre-Conditions
- The user is authenticated in the mobile application
- The URL_local_logout
Post-Conditions
The user is locally logged out
Steps (basic flow)
0
1
The user presses the logout button to disconnect him/herself from the SP
2
asks the AS to end the active session via the URL_local_logout |
4 | The AS ends the active session and notifies the |
4
client | ||
5 | The user is logged out from the mobil application. | |
Exceptions (exception flows) | ||
Frequency |
|