Forcing logout with NativeSP

Stephen Chan sychan at
Thu Sep 29 21:01:39 BST 2011

   I'm working on shibboleth integration for a CMS we run and wanted
to get some suggestions for the best way to proceed.

   There are 2 URL's used by the CMS to handle login and login,
/Security/login and /Security/logout. Using the native SP it is
straightforward to put a Shibboleth auth-type setting on
/Security/login and have all the appropriate attributes available to
be read by the web app.

   The part that I would like advice on is how to handle logout. Is
there a way to configure Apache to require _no_ shibboleth session on
/Security/logout and have the Native SP module redirect to
/Shibboleth.sso/logout with a return URL? I would like for the
NativeSP shib session to be expired by the control returns to the CMS,
so that it can simply cleanup the CMS session.

   The only way that comes to mind is to setup a mod_rewrite rule that
tests for auth_type being set to Shibboleth, and then redirecting to
/Shibboleth.sso/logout?return={original url} - but I was hoping for
something that was cleaner.


More information about the users mailing list