Versions Compared

Old Version 12

changes.mady.by.user Rami Sellami

Saved on

compared with

New Version Current

changes.mady.by.user Unknown User (fabian.steels@cetic.be)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Used documentation

Cookbook/ materialsVersionLocation
Identity & Authorization Management (I.AM) - Overview1.0https://www.ehealth.fgov.be/ehealthplatform/file/view/c87f7d093e56ff1054c73d6aae09e0bb?filename=ehealth_i.am_-_overv
Technical specifications Identity & Authorization Management (I.AM)- Logout1.0https://www.ehealth.fgov.be/ehealthplatform/file/view/8f9881c65700081363c8922c5e7928da?filename=ehealth_i.am_-_logout
Cookbook Identity & Authorization Management (I.AM) - SP Shibboleth1.0https://www.ehealth.fgov.be/ehealthplatform/file/view/9eae84bee7bf8370f12841558ed2308a?filename=ehealth_i.am_-_sp_shibboleth_v1.0.pdf
NativeSPServiceLogout wiki pageold version (2010)https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPServiceLogout
NativeSPSingleLogoutService wiki page2018https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSingleLogoutService
NativeSPLogoutInitiator wiki page2018https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPLogoutInitiator
Issue 14 in JIRA -

http://jira.ivlab.ilabt.imec.be/projects/MHEH/issues/MHEH-14

General information

The local logout will disconnect the user only from the active application. He/she will still authenticated to the IDP.

In order to do a local logout in the mobile application, the user should do it via the following possibilities:

...

presses a button integrating the URL_local_logout: https://api.ehealth.fgov.be/auth/realms/{REGISTERED_REALM}/protocol/openid-connect/logout?redirect_uri={REGISTERED_APP_REDIRECT_URI}

...

.

...


Basic flow

FlowSpecification

Use case ID

ATH-UC-08-BF

Use case name

Local logout of a user from the mobile application via URL_local_logout

Actors

  • Citizen

  • Healthcare giver
  • Representative of an institution

Short Description

This use case denotes the basic flow of the local logout use case. Indeed, it consists on the disconnection from the authorization server (called also the IAM connect). To logout eHealth I.AM Connect via OpenID, the logout request should sent via the following URL_local_logout: https://api.ehealth.fgov.be/auth/realms/{REGISTERED_REALM}/protocol/openid-connect/logout?redirect_uri={REGISTERED_APP_REDIRECT_URI}.

Priority

1 (High)

Must have: The system must implement this goal/ assumption to be accepted.

Pre-Conditions

  • The user is authenticated in the mobile application
  • The URL_local_logout

Post-Conditions

  • The user is locally logged out

Steps (basic flow)

0

The user accesses to the WebSSO based mobile application interface to locally logout

1

The SP receives

The user presses the logout button to disconnect him/herself from the SP 

2

the

logout request and asks the AS to end the active session via the URL_local_logout		3The AS ends the active session and notifies the SP

4

The SP sends the response to the user

5

The user is logged out from the mobil application

Exceptions (exception flows)

Frequency

  • Every time the user needs to locally logout from the application

Alternative flow 1

AS. A popup appears to ask him/her if he/she wants to do global logout.


2

The user declines to do a global logout and the application sends the logout request to the AS.


3

The client

FlowSpecification

Use case ID

ATH-UC-08-AF-01

Use case name

Local logout of a user by closing the mobile application

Actors

  • Citizen

  • Healthcare giver
  • Representative of an institution

Short Description

This use case denotes the basic flow of the local logout use case. Indeed, it consists on the disconnection from the authorization server (called also the IAM connect). To logout eHealth I.AM Connect via OpenID, the logout request should sent via the following URL_local_logout: https://api.ehealth.fgov.be/auth/realms/{REGISTERED_REALM}/protocol/openid-connect/logout?redirect_uri={REGISTERED_APP_REDIRECT_URI}.

Priority

1 (High)

Must have: The system must implement this goal/ assumption to be accepted.

Pre-Conditions

  • The user is authenticated in the mobile application
  • The URL_local_logout

Post-Conditions

  • The user is locally logged out

Steps (basic flow)

0

The user accesses to the WebSSO based mobile application interface to locally logout

1

The user presses the logout button to disconnect him/herself from the SP 

2

The SP receives the logout request and

asks the AS to end the active session via the URL_local_logout

3

4The AS ends the active session and notifies the
SP

4

The SP sends the response to the user
client

5

The user is logged out from the mobil application.

Exceptions (exception flows)


Frequency

  • Every time the user needs to locally logout from the application