Gang
So far, OZP has only been used with sessionless login mechanisms such as HTTP
Basic and client PKI certificates. However, Django (the framework in which
the OZP backend is written) has a pluggable authentication system vaguely akin
to the Spring Security system that you are used to with OWF. Like Spring
Security, the Django auth system has a variety of examples and reusable
components available for it online which you should be able to use to help you
integrate with your authentication environment.
Although OZP does not currently need or use sessions, the technologies that it
is built on can certainly support them, and there are examples of integrating
various SSO systems into Django. It is true that OZP lacks a "logout" button
which would clear the session due to the fact that is has never used sessions
so far. If your project is going to use sessions and requires such a button,
then you can submit a ticket, or even a PR, on github.
Ross Pokorny