Forcing logout with NativeSP

Kevin P. Foote kpfoote at
Thu Sep 29 21:19:55 BST 2011

Are you looking for something like this?

        <Location ~ "^/Security/logout">
                AuthType shibboleth
                ShibRequireSession Off
                require shibboleth


On Thu, 29 Sep 2011, Stephen Chan wrote:

-> Hi,
->    I'm working on shibboleth integration for a CMS we run and wanted
-> to get some suggestions for the best way to proceed.
->    There are 2 URL's used by the CMS to handle login and login,
-> /Security/login and /Security/logout. Using the native SP it is
-> straightforward to put a Shibboleth auth-type setting on
-> /Security/login and have all the appropriate attributes available to
-> be read by the web app.
->    The part that I would like advice on is how to handle logout. Is
-> there a way to configure Apache to require _no_ shibboleth session on
-> /Security/logout and have the Native SP module redirect to
-> /Shibboleth.sso/logout with a return URL? I would like for the
-> NativeSP shib session to be expired by the control returns to the CMS,
-> so that it can simply cleanup the CMS session.
->    The only way that comes to mind is to setup a mod_rewrite rule that
-> tests for auth_type being set to Shibboleth, and then redirecting to
-> /Shibboleth.sso/logout?return={original url} - but I was hoping for
-> something that was cleaner.
->     Thanks,
->     Steve
-> --
-> To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list