<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Fri Feb 09 00:29:10 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>
    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[UXPROD-3077] SAML Single Log Out (SLO)</title>
                <link>https://folio-org.atlassian.net/browse/UXPROD-3077</link>
                <project id="10000" key="UXPROD">UX Product</project>
                    <description>&lt;p&gt;a) When a user logs out, FOLIO should call the SSO SAML IdP logout endpoint: 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;MODLOGSAML-92&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/MODLOGSAML-92&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;SSO Logout does not destroy SAML session&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10322?size=medium&quot; /&gt;
            MODLOGSAML-92
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
&lt;/p&gt;

&lt;p&gt;b) FOLIO should provide an SSO SAML SP logout endpoint that the IdP can call: 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;MODLOGSAML-94&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/MODLOGSAML-94&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Provide SLO (Single Log Out) endpoint to be called by SSO IdP&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10322?size=medium&quot; /&gt;
            MODLOGSAML-94
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
&lt;/p&gt;
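&lt;p&gt;As an added illustration of (a) and (b) together, not code from mod-login-saml or any other FOLIO module, the Python sketch below builds the SP-initiated samlp:LogoutRequest FOLIO would send to the IdP over the HTTP-Redirect binding, and implements the SP endpoint that checks an IdP-initiated LogoutRequest (trusted Issuer, Destination, NotOnOrAfter) before ending the named session. The entity IDs, endpoint URLs, in-memory session store and sample requests are assumptions constructed for the example; signature verification is marked where it belongs but not implemented. The local FOLIO session is destroyed before the IdP is contacted, so a failed or ignored SLO round trip cannot leave FOLIO logged in.&lt;/p&gt;

```python
"""SAML Single Log Out in both directions, as a stand-alone sketch.

Added example for this issue, not mod-login-saml code. Entity IDs, endpoint
URLs and the session store are placeholders constructed for the example.
Signature verification is out of scope and only marked where it belongs.
"""
import base64
import uuid
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
REQUESTER = "urn:oasis:names:tc:SAML:2.0:status:Requester"
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Assumed identifiers; a real deployment takes these from SP and IdP metadata.
SP_ENTITY_ID = "https://folio.example.edu/saml/metadata"
SP_SLO_URL = "https://folio.example.edu/saml/slo"
IDP_ENTITY_ID = "https://idp.example.edu/idp/shibboleth"
IDP_SLO_URL = "https://idp.example.edu/idp/profile/SAML2/Redirect/SLO"

# Constructed in-memory session store: (NameID, SessionIndex) to FOLIO token.
SESSIONS = {}


def login(name_id, session_index, token):
    """Record a FOLIO session created from a SAML assertion."""
    SESSIONS[(name_id, session_index)] = token


def build_logout_request(name_id, session_index, issuer=SP_ENTITY_ID,
                         destination=IDP_SLO_URL, validity_seconds=300):
    """samlp:LogoutRequest naming one session. Defaults give the SP-to-IdP
    direction (a); the same builder with IdP values stands in for an IdP."""
    issued = datetime.now(timezone.utc)
    expires = issued + timedelta(seconds=validity_seconds)
    req = ET.Element("{%s}LogoutRequest" % SAMLP, {
        "ID": "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": issued.strftime(TIME_FMT),
        "Destination": destination,
        "NotOnOrAfter": expires.strftime(TIME_FMT),
    })
    ET.SubElement(req, "{%s}Issuer" % SAML).text = issuer
    ET.SubElement(req, "{%s}NameID" % SAML).text = name_id
    ET.SubElement(req, "{%s}SessionIndex" % SAMLP).text = session_index
    return ET.tostring(req, encoding="unicode")


def encode_redirect_param(xml_text):
    """HTTP-Redirect binding: raw DEFLATE (no zlib header), then base64."""
    co = zlib.compressobj(wbits=-15)
    return base64.b64encode(co.compress(xml_text.encode()) + co.flush()).decode()


def decode_redirect_param(param):
    """Inverse of encode_redirect_param, as the receiver applies it."""
    return zlib.decompress(base64.b64decode(param), wbits=-15).decode()


# (a) SP-initiated: FOLIO ends its own session, then asks the IdP to log out.
def sp_logout(name_id, session_index):
    """Return the redirect URL for the IdP. The local session is dropped first,
    so a failed or ignored SLO round trip never leaves FOLIO logged in."""
    SESSIONS.pop((name_id, session_index), None)
    xml_text = build_logout_request(name_id, session_index)
    return IDP_SLO_URL + "?SAMLRequest=" + encode_redirect_param(xml_text)


# (b) IdP-initiated: the SP endpoint the IdP calls with a LogoutRequest.
def handle_idp_logout_request(xml_text, trusted_issuers=(IDP_ENTITY_ID,)):
    """Validate the request, end the named session and return the StatusCode
    for the LogoutResponse. Every check fails closed: the session is kept."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}LogoutRequest" % SAMLP:
        return REQUESTER
    if root.findtext("{%s}Issuer" % SAML) not in trusted_issuers:
        return REQUESTER
    # The XML signature (or the signed redirect query string) must be verified
    # against the IdP's metadata certificate here before acting on anything.
    if root.get("Destination") not in (None, SP_SLO_URL):
        return REQUESTER
    expiry = root.get("NotOnOrAfter")
    if expiry is not None:
        exp = datetime.strptime(expiry, TIME_FMT).replace(tzinfo=timezone.utc)
        if datetime.now(timezone.utc) >= exp:
            return REQUESTER
    name_id = root.findtext("{%s}NameID" % SAML)
    index = root.findtext("{%s}SessionIndex" % SAMLP)
    # Logout is idempotent: an already-ended session still answers Success,
    # so the endpoint does not reveal which sessions exist.
    SESSIONS.pop((name_id, index), None)
    return SUCCESS
```

&lt;p&gt;The SP endpoint answers Success even for a session that is already gone: logout is idempotent, and a different status for unknown sessions would let a caller probe which (NameID, SessionIndex) pairs are live. Every other check fails closed and keeps the session.&lt;/p&gt;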

&lt;p&gt;&lt;b&gt;WARNING:&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://wiki.shibboleth.net/confluence/display/IDP4/LogoutConfiguration&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://wiki.shibboleth.net/confluence/display/IDP4/LogoutConfiguration&lt;/a&gt;&#160;: &quot;SLO is a best-effort attempt to end relying party sessions without clearing the browser&apos;s cookie and storage state. Most browsers do &lt;b&gt;not&lt;/b&gt; clear this state when closed. It is deeply imperfect, minimally supported, and should not be viewed as a security feature or treated as reliable. Trivial and recommended browser settings can render it totally non-functional. It has no future. You should understand all of that before even considering it.&quot;&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://wiki.shibboleth.net/confluence/display/CONCEPT/SLOIssues&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://wiki.shibboleth.net/confluence/display/CONCEPT/SLOIssues&lt;/a&gt;&lt;br/&gt;
 &lt;a href=&quot;https://www.identityserver.com/articles/the-challenge-of-building-saml-single-logout&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://www.identityserver.com/articles/the-challenge-of-building-saml-single-logout&lt;/a&gt;&lt;br/&gt;
 &lt;a href=&quot;https://blog.bio-key.com/2016/06/20/saml-single-logout-need-to-know&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://blog.bio-key.com/2016/06/20/saml-single-logout-need-to-know&lt;/a&gt;&lt;br/&gt;
 &lt;a href=&quot;https://medium.com/@BoweiHan/elijd-single-sign-on-saml-and-single-logout-624efd5a224&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://medium.com/@BoweiHan/elijd-single-sign-on-saml-and-single-logout-624efd5a224&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://uit.stanford.edu/service/saml/logout&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://uit.stanford.edu/service/saml/logout&lt;/a&gt; : &quot;some browsers can be configured to save sessions even if they are closed and then re-opened. For example, the Google Chrome browser can be set to &apos;Continue where you left off&apos; which preserves sessions across browser restarts.&quot;&lt;/p&gt;


&lt;p&gt;&lt;b&gt;For these security reasons some institutions have a policy to NOT use SAML Single Log Out (SLO); they should rank this issue R5.&lt;/b&gt;&lt;/p&gt;</description>
                <environment></environment>
        <key id="11839">UXPROD-3077</key>
            <summary>SAML Single Log Out (SLO)</summary>
                <type id="10002" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10322?size=medium">New Feature</type>
                            <parent id="10073">UXPROD-778</parent>
                                    <priority id="10005" iconUrl="https://dev.folio.org/assets/jira-priority/tbd.svg">TBD</priority>
                        <status id="1" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/open.png" description="The issue is open and ready for the assignee to start work on it.">Open</status>
                    <statusCategory id="2" key="new" colorName="blue-gray"/>
                                    <resolution id="-1">Unresolved</resolution>
                                                        <assignee accountid="-1">Unassigned</assignee>
                                                                <reporter accountid="5ee89462f7aa140abd82d11d">Julian Ladisch</reporter>
                                    <labels>
                    </labels>
                <created>Mon, 17 May 2021 14:45:55 +0000</created>
                <updated>Tue, 2 Nov 2021 12:27:09 +0000</updated>
                                                                                <due></due>
                            <votes>0</votes>
                                    <watches>5</watches>
                                                                <comments>
                                                            <comment id="16202" author="5ee89462f7aa140abd82d11d" created="Tue, 10 Aug 2021 21:06:42 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3A1f093336-57f7-4359-9b28-6e72640645af&quot; class=&quot;user-hover&quot; rel=&quot;557058:1f093336-57f7-4359-9b28-6e72640645af&quot; data-account-id=&quot;557058:1f093336-57f7-4359-9b28-6e72640645af&quot; accountid=&quot;557058:1f093336-57f7-4359-9b28-6e72640645af&quot; rel=&quot;noreferrer&quot;&gt;Debra Howell&lt;/a&gt;: Please clarify why you ranked this to rank 2 for &quot;Cornell (Full Sum 2021)&quot;.&lt;br/&gt;
&#160;&lt;br/&gt;
&lt;a href=&quot;https://confluence.cornell.edu/display/SHIBBOLETH/Shibboleth+at+Cornell+Page&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://confluence.cornell.edu/display/SHIBBOLETH/Shibboleth+at+Cornell+Page&lt;/a&gt; says:&lt;br/&gt;
&#160;&lt;/p&gt;
&lt;blockquote&gt;&lt;p&gt;Does the Cornell Identity Provider provide a logout service?&lt;br/&gt;
No.&#160;Our IdP doesn&apos;t support logout because our credentials stick around until you close your browser. We usually recommend that you give the user instructions to quit the browser if they want to log out.&lt;/p&gt;&lt;/blockquote&gt;</comment>
                                                            <comment id="16204" author="557058:1f093336-57f7-4359-9b28-6e72640645af" created="Wed, 11 Aug 2021 13:21:48 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5ee89462f7aa140abd82d11d&quot; class=&quot;user-hover&quot; rel=&quot;5ee89462f7aa140abd82d11d&quot; data-account-id=&quot;5ee89462f7aa140abd82d11d&quot; accountid=&quot;5ee89462f7aa140abd82d11d&quot; rel=&quot;noreferrer&quot;&gt;Julian Ladisch&lt;/a&gt;&#160;We ranked it R2 because while it wasn&apos;t critical for our go-live, we would like to have it soon after.&#160; I see you have quoted part of the FAQ from our central IT organization. However, it does not apply to FOLIO since FOLIO does not allow the token to ever expire even if the browser is closed. This is a security vulnerability, and we would like the ability to set when FOLIO logs out. &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3A096dafac-874f-4ff8-92d9-c3cec8655401&quot; class=&quot;user-hover&quot; rel=&quot;557058:096dafac-874f-4ff8-92d9-c3cec8655401&quot; data-account-id=&quot;557058:096dafac-874f-4ff8-92d9-c3cec8655401&quot; accountid=&quot;557058:096dafac-874f-4ff8-92d9-c3cec8655401&quot; rel=&quot;noreferrer&quot;&gt;Philip Robinson&lt;/a&gt;, our Security Liaison and Library Systems representative, can answer additional questions/requirements.&lt;/p&gt;</comment>
                                                            <comment id="16206" author="5ee89462f7aa140abd82d11d" created="Mon, 16 Aug 2021 17:08:24 +0000"  >&lt;p&gt;Access token expiration is on the R3 roadmap of the core platform team and has already been groomed:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;MODAT-64&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/MODAT-64&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Enforce access token expiration&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10309?size=medium&quot; /&gt;
            MODAT-64
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 &quot;Enforce access token expiration&quot;&lt;/li&gt;
	&lt;li&gt;
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;MODAT-65&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/MODAT-65&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Configurable access/refresh token expiration&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10309?size=medium&quot; /&gt;
            MODAT-65
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 &quot;Configurable access/refresh token expiration&quot;&lt;/li&gt;
&lt;/ul&gt;
</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10008">
                    <name>Defines</name>
                                                                <inwardlinks description="is defined by ">
                                        <issuelink>
            <issuekey id="73343">MODLOGSAML-92</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="73345">MODLOGSAML-94</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="61665">STCOR-580</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                    <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10168"><![CDATA[None]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10014" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue key="$xmlutils.escape($text)">Authentication and Authorization Beyond Basic and SAML (LDAP, OAUTH, Grouper)</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10063" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>PO Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10045" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Potential Workaround</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Educate users how to clear the browser&amp;#39;s cookie and storage state. This includes &lt;a href=&quot;https://folio-org.atlassian.net/browse/STCOR-532&quot; title=&quot;Logout from FOLIO, keep SSO login&quot; class=&quot;issue-link&quot; data-issue-key=&quot;STCOR-532&quot;&gt;&lt;strike&gt;STCOR-532&lt;/strike&gt;&lt;/a&gt;.</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i02q6n:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10069" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Rank: Cornell (Full Sum 2021)</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10214"><![CDATA[R2]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Wed, 11 Aug 2021 13:21:48 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                </customfields>
    </item>
</channel>
</rss>