Forcing logout with NativeSP

Stephen Chan sychan at lbl.gov
Thu Sep 29 22:11:24 BST 2011 

   Yes, I was in fact thinking of something just like that but it
wasn't clear what, if any, set of directives would do the right thing.

   I just tried it, and it does not seem to be clearing the shib
session, I am getting the full list of Shib attributes as well as a a
legit session ID. No redirect to the logout handler, and my session
seems as healthy as ever.

   Was it supposed to work, or were you asking the question just foe
clarification?

   Steve

On Thu, Sep 29, 2011 at 1:19 PM, Kevin P. Foote <kpfoote at iup.edu> wrote:
>
> Are you looking for something like this?
>
>        <Location ~ "^/Security/logout">
>                AuthType shibboleth
>                ShibRequireSession Off
>                require shibboleth
>        </Location>
>
>
> ------
> thanks
>  kevin.foote
>
> On Thu, 29 Sep 2011, Stephen Chan wrote:
>
> -> Hi,
> ->    I'm working on shibboleth integration for a CMS we run and wanted
> -> to get some suggestions for the best way to proceed.
> ->
> ->    There are 2 URL's used by the CMS to handle login and login,
> -> /Security/login and /Security/logout. Using the native SP it is
> -> straightforward to put a Shibboleth auth-type setting on
> -> /Security/login and have all the appropriate attributes available to
> -> be read by the web app.
> ->
> ->    The part that I would like advice on is how to handle logout. Is
> -> there a way to configure Apache to require _no_ shibboleth session on
> -> /Security/logout and have the Native SP module redirect to
> -> /Shibboleth.sso/logout with a return URL? I would like for the
> -> NativeSP shib session to be expired by the control returns to the CMS,
> -> so that it can simply cleanup the CMS session.
> ->
> ->    The only way that comes to mind is to setup a mod_rewrite rule that
> -> tests for auth_type being set to Shibboleth, and then redirecting to
> -> /Shibboleth.sso/logout?return={original url} - but I was hoping for
> -> something that was cleaner.
> ->
> ->     Thanks,
> ->     Steve
> -> --
> -> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
> ->
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
>

More information about the users mailing list