Session Revoked (CAEP)

Continuous Access Evaluation Profile event indicating a user session has been terminated (CAEP §3.1). Receiving systems must immediately invalidate the affected session.

Try in SSF Sandbox
Security EventsCAEPContinuous Eval

Sequence Diagram

Click any step for details

IdPTransmitterReceiversReceiverSessionsTokens1Session Revocation Trigger2Create Session Revoked SET3Deliver SET to Receivers4Receiver Validates SET5Terminate User Sessions6Revoke Access Tokens
Request
Response
Redirect
Internal

Step-by-Step Breakdown

1
Session Revocation Trigger
Identity ProviderIdentity Provider
2
Create Session Revoked SET
Identity ProviderIdentity Provider
3
Deliver SET to Receivers
TransmitterAll Subscribed Receivers
4
Receiver Validates SET
Receiver (RP)Receiver (RP)
5
Terminate User Sessions
Receiver (RP)Session Store
6
Revoke Access Tokens
Receiver (RP)Token Store

Token Inspector

Specs for this flow

Sections of the protocol that normatively define this flow, plus the security considerations that apply to it.

Core specs

· The specifications that define this protocol.