logout and misc Qs --shib idp
David Langenberg
davel at uchicago.edu
Mon Nov 5 16:49:33 EST 2012
On Mon, Nov 5, 2012 at 2:28 PM, Steven Carmody <Steven_Carmody at brown.edu> wrote:
> On 11/5/12 2:29 PM, David Langenberg wrote:
>> +++1 here too. The lack of any sort of official logout support
>> (closing the browser does not count when talking to most prospective
>> SPs) is the single biggest problem I have in getting new projects to
>> choose Shibboleth over legacy authentication.
>>
>
> we've deployed a page at our IDP that will delete the IDP's session cookie.
>
> SPs can choose to redirect the user to this page if a user clicks LOGOUT
> at the SP site (after deleting all session cookies at the SP)
>
> I believe there's also a version of the IDP page that asks the user
> whether or not they want to destroy the session at the IDP.
>
> Would an approach like this address concerns from these SP operators ?
I thought it would and I even wrote such a feature into our standard
logout page, however, The Powers That Be decided it was a hack and
that we'd wait until the shib project came out with their official
solution.
Dave
--
David Langenberg
Identity & Access Management
The University of Chicago
More information about the users
mailing list