logout and misc Qs --shib idp

Kevin P. Foote kpfoote at iup.edu
Mon Nov 5 09:25:07 EST 2012

On Mon, 5 Nov 2012, ci_98yr wrote:
-> 1. What is being currently used for logout? It now appears that SSO has been
-> solved but SLO or Limited LO (selective log out) has been left out. For a
-> newbie, what is the quickest option to get log out option implemented?

General consensus is don't. 

Here if apps have a "logout" button page or whatever, the link goes back
to an IdP page stating the user should close their browser. This is
currently the simplest and most universally supported way to end the IdP session.  
You can additionally use some JSP at this page to remove / expire the
Shib-related cookies.

There are of course other options. 

 o Hungarian SLO enabled Shib (you can cut/paste that into Google)

 o UniMr logout jar 

-> 2. Wanted a good reference on IDP mainly from config and deployment
-> perspective, including security aspects. Appreciate if any can share some
-> pointers on that.

Get familiar with your JVM container and OS. 

Best docs for Shibboleth have been and will be located on the Shib wiki.


-> 3. Is there a list of current deployments of shib ('understand this fave at
-> univs worldwide, a list would be helpful, besides and including univs)

Each of the large federations I think has a listing of IdPs somewhere on their
respective site. This would give you a ballpark.

example here is InCommon's page.. 
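
Added example, not part of the original message or of the Shibboleth distribution: a sketch of the logout landing page described in the answer to question 1, a JSP served from the IdP host that expires the IdP's cookies and tells the user to close the browser. The `_idp_` cookie-name prefix and the use of the webapp context path as the cookie path are assumptions; check the names and attributes your IdP actually sets, because a cookie is only removed when name and path match the original.

```jsp
<%-- Added example: logout landing page on the IdP host (assumed cookie prefix and path). --%>
<%@ page contentType="text/html; charset=UTF-8" session="false" %>
<%
    // Assumption: IdP session cookies share this name prefix.
    final String prefix = "_idp_";

    // Assumption: the cookies were issued with the webapp context path as Path.
    String path = request.getContextPath();
    if (path == null || path.isEmpty()) {
        path = "/";
    }

    int cleared = 0;
    Cookie[] cookies = request.getCookies();   // null when the browser sent none
    if (cookies != null) {
        for (Cookie c : cookies) {
            if (c.getName().startsWith(prefix)) {
                // Overwrite with an empty, already-expired cookie of the same name and path.
                Cookie expired = new Cookie(c.getName(), "");
                expired.setPath(path);
                expired.setSecure(true);
                expired.setMaxAge(0);          // 0 tells the browser to delete it
                response.addCookie(expired);
                cleared++;
            }
        }
    }

    // Keep the page out of browser and proxy caches.
    response.setHeader("Cache-Control", "no-store");
    response.setHeader("Pragma", "no-cache");
%>
<html>
  <head><title>Logged out</title></head>
  <body>
    <p>Your single sign-on session has been ended
       (<%= cleared %> cookie(s) cleared).</p>
    <p>Sessions inside individual applications may still be active.
       Close your browser to finish logging out.</p>
  </body>
</html>
```

This only removes cookies scoped to the IdP host. Session cookies set by each service provider or application live on their own hosts and are untouched, which is why the page still asks the user to close the browser.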


