alipio · April 14, 2023 19:53 · Jul 25, 2012 · Jul 20, 2012 · Jul 20, 2012
diff --git a/gistfile1.md b/gistfile1.md
@@ -10,6 +10,7 @@
 ## URLs ##
 
 - OP : [https://openidconnect.info/](https://openidconnect.info/)
+- OP Logout URL : [https://openidconnect.info/connect/logout](https://openidconnect.info/connect/logout)
 - RP : [http://www8322u.sakura.ne.jp/php-connect-sm/](http://www8322u.sakura.ne.jp/php-connect-sm/)
 
 ## Step 1. Visit the RP ##
@@ -46,6 +47,16 @@ Open the new window and visit OP, and click to "Logout" button.
 
 The RP receives a change of the status and notifies own user.
 
+## Extra step : RP initiated Logout
+
+If the user logout of RP, it is sent to OP logout URL.
+
+![RP initiated Logout](https://github.com/ritou/r-weblife/raw/master/img/OpenIDConnect/SessionManagement/OICSM7.png)
+
+At OP logout URL, OP displays a confirmation screen to user and lets user logout.
+
+![RP initiated Logout 2](https://github.com/ritou/r-weblife/raw/master/img/OpenIDConnect/SessionManagement/OICSM8.png)
+
 ## Sample Code : OP iframe URL ##
 
     <html lang="en">

diff --git a/gistfile1.md b/gistfile1.md
@@ -9,8 +9,8 @@
 
 ## URLs ##
 
-- OP : [https://openidconnect.info/]()
-- RP : [http://www8322u.sakura.ne.jp/php-connect-sm/]()
+- OP : [https://openidconnect.info/](https://openidconnect.info/)
+- RP : [http://www8322u.sakura.ne.jp/php-connect-sm/](http://www8322u.sakura.ne.jp/php-connect-sm/)
 
 ## Step 1. Visit the RP ##
 
@@ -154,4 +154,4 @@ The RP receives a change of the status and notifies own user.
         <body onload="setTimer()">
     This is rp_iframe
         </body>
-    </html>
+    </html>
diff --git a/gistfile1.md b/gistfile1.md
@@ -0,0 +1,157 @@
+# OpenID Connect Session Management Demo #
+
+## Spec ##
+
+- Supported : 
+ - [http://openid.bitbucket.org/openid-connect-session-1_0.html](http://openid.bitbucket.org/openid-connect-session-1_0.html)
+- Not Supported yet :
+ - discovery of OP iframe URL and logout URL
+
+## URLs ##
+
+- OP : [https://openidconnect.info/]()
+- RP : [http://www8322u.sakura.ne.jp/php-connect-sm/]()
+
+## Step 1. Visit the RP ##
+
+![Visit the RP](https://github.com/ritou/r-weblife/raw/master/img/OpenIDConnect/SessionManagement/OICSM1.png)
+
+Click to "Authentication" link and start flow.
+
+## Step 2. Sign in to the OP
+
+![Sign in to the OP](https://github.com/ritou/r-weblife/raw/master/img/OpenIDConnect/SessionManagement/OICSM2.png)
+
+Choose the Fake Account.
+
+## Step 3. Authorization
+
+![Authorization](https://github.com/ritou/r-weblife/raw/master/img/OpenIDConnect/SessionManagement/OICSM3.png)
+
+## Step 4. Start to check OP Session Status
+
+![Start to check OP Session Status](https://github.com/ritou/r-weblife/raw/master/img/OpenIDConnect/SessionManagement/OICSM4.png)
+
+The RP checks a session of OP every three seconds.
+
+## Step 5. Sign-out at OP
+
+![Sign-out at OP](https://github.com/ritou/r-weblife/raw/master/img/OpenIDConnect/SessionManagement/OICSM5.png)
+
+Open the new window and visit OP, and click to "Logout" button.
+
+## Step 6. Session synchronization
+
+![Session synchronization](https://github.com/ritou/r-weblife/raw/master/img/OpenIDConnect/SessionManagement/OICSM6.png)
+
+The RP receives a change of the status and notifies own user.
+
+## Sample Code : OP iframe URL ##
+
+    <html lang="en">
+        <head>
+            <meta charset="utf-8">
+            <title>OpenID Connect Sandbox</title>
+            <script src="https://crypto-js.googlecode.com/svn/tags/3.0.2/build/rollups/sha256.js"></script>
+            <script language="JavaScript" type="text/javascript">
+                window.addEventListener("message",receiveMessage, false);
+                function receiveMessage(e){
+                    var origin = "http://www8322u.sakura.ne.jp"; // origin from client_id
+                    if ( e.origin !== origin ) {
+                        return;
+                    }
+
+                    var stat;
+                    var client_id = "77596671429810a5f9fcaf7404216f70f29cd40c"; // from ID Token
+                    var salt = getSaltFromData(e.data); // from e.data
+                    var opss = getOpssFromCookie(); // from Cookie or use API access
+                    var ss = CryptoJS.SHA256(client_id + origin + opss + salt) + "." + salt;  
+                    if (e.data == ss) {
+                        stat = 'unchanged';
+                    } else {
+                        stat = 'changed';
+                    }
+                    e.source.postMessage(stat, e.origin);
+                };
+
+                function getSaltFromData(data){
+                    var salt = "";
+                    var split_data = data.split(".");
+                    if(split_data.length == 2){
+                        salt = split_data[1];
+                    }
+                    return salt;
+                }
+
+                function getOpssFromCookie(){
+                    var theName = "OPS=";
+                    var theCookie = document.cookie+";";
+                    var start = theCookie.indexOf(theName);
+                    if (start != -1)
+                    {
+                        var end = theCookie.indexOf(";",start); //　データを抜きだす
+                        return unescape(theCookie.substring(start+theName.length,end));
+                    }
+                    return "";
+                }
+            </script>
+        </head>
+        <body>
+        This is OpenID Connect Session Management op_iframe URL.
+        </body>
+    </html>
+
+- client_id, origin : from ID Token
+- salt : from data
+- opss : from Cookie
+
+## Sample Code : RP iframe URL ##
+
+    <html>
+        <head>
+            <title>OpenID Connect Session Management Sample RP : RP iframe</title>
+            <script src="http://crypto-js.googlecode.com/svn/tags/3.0.2/build/rollups/sha256.js"></script>
+            <script language="JavaScript" type="text/javascript">
+                var stat = "unchanged";
+                var client_id = "77596671429810a5f9fcaf7404216f70f29cd40c";
+                var origin = "http://www8322u.sakura.ne.jp";
+                var opss = "c1a43afe7e07935514d13a730fe6739a6e8b80344601fad8c429ee58b25b45f3";
+                var salt = "6dc1ed929c268f433a9fe00a8e1afdf56be8a4ec";
+                var mes = CryptoJS.SHA256(client_id + origin + opss + salt) + "." + salt;
+                var targetOrigin  = "https://openidconnect.info";
+
+                function check_session()
+                {
+                    var win = window.parent.document.getElementById("op").contentWindow;
+                    win.postMessage( mes, targetOrigin);
+                }
+
+                function setTimer()
+                {
+                    window.parent.document.getElementById('notice').innerHTML = "Checking OP Session Status.";
+                    check_session();
+                    timerID = setInterval("check_session()",3*1000);
+                }
+
+                window.addEventListener("message", receiveMessage, false);
+
+                function receiveMessage(e)
+                {
+                    if (e.origin !== targetOrigin ) {return;}
+                    stat = e.data;
+                    noticeToParentWindow(stat);
+                }
+
+                function noticeToParentWindow(stat){
+                    if (stat == "changed") {
+                        window.parent.document.getElementById('notice').innerHTML = "You are logged out at openidconnect.info.";
+                    }else{
+                        window.parent.document.getElementById('notice').innerHTML = "";
+                    }
+                }
+            </script>
+        </head>
+        <body onload="setTimer()">
+    This is rp_iframe
+        </body>
+    </html>