Shibboleth.sso/Logout questions

Cantor, Scott cantor.2 at osu.edu
Tue Jul 31 10:31:53 EDT 2012


> Via this mechanism can I tell Shib SP to only perform local logout if I know
> already that the IdP doesn't support SLO?  I.e. does the handler support a
> "&type=local" query string, or something of that kind?

That's what the LogoutInitiator chain does. The <Logout> element is equivalent to the old default chain of SAML2 followed by Local.

> Or does Shib SP look at the session's IdP entityID, determine if it supports
> SLO, and perform only a local logout if not (without throwing up an error
> screen)?

That depends on what you think a partial logout is. In my opinion, a partial logout is an error, and thus exposing logout is generally just wrong. But that's what it reports, and how you choose to present that is up to you via template or redirect as you choose.

-- Scott
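
The equivalence described in the reply above, shown as an added `shibboleth2.xml` fragment that is not part of the original message or the project's shipped configuration. The attribute values, the `bindingTemplate.html` reference and the `/LocalLogout` location are assumptions made for illustration.

```xml
<!-- Added illustration: a fragment of the <Sessions> element only. -->
<Sessions lifetime="28800" timeout="3600" handlerURL="/Shibboleth.sso">

    <!-- Shorthand form: attempt SAML 2.0 single logout first, then
         fall through to ending the local SP session. -->
    <Logout>SAML2 Local</Logout>

    <!-- The older explicit chain that the shorthand stands for. Left
         commented out so both forms are not active on /Logout at once.
    <LogoutInitiator type="Chaining" Location="/Logout">
        <LogoutInitiator type="SAML2" template="bindingTemplate.html"/>
        <LogoutInitiator type="Local"/>
    </LogoutInitiator>
    -->

    <!-- Hypothetical second endpoint whose chain contains only the
         Local initiator: it ends the SP session and never contacts
         the IdP. The IdP session remains live, so the user can be
         signed straight back in without re-authenticating. -->
    <LogoutInitiator type="Local" Location="/LocalLogout"/>

</Sessions>
```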


