logout and misc Qs --shib idp

David Langenberg davel at uchicago.edu
Mon Nov 5 16:49:33 EST 2012

On Mon, Nov 5, 2012 at 2:28 PM, Steven Carmody <Steven_Carmody at brown.edu> wrote:
> On 11/5/12 2:29 PM, David Langenberg wrote:
>> +++1 here too.  The lack of any sort of official logout support
>> (closing the browser does not count when talking to most prospective
>> SPs) is the single biggest problem I have in getting new projects to
>> choose Shibboleth over legacy authentication.
> We've deployed a page at our IDP that will delete the IDP's session cookie.
> SPs can choose to redirect the user to this page if a user clicks LOGOUT
> at the SP site (after deleting all session cookies at the SP).
> I believe there's also a version of the IDP page that asks the user
> whether or not they want to destroy the session at the IDP.
> Would an approach like this address concerns from these SP operators?

I thought it would, and I even wrote such a feature into our standard
logout page; however, The Powers That Be decided it was a hack and
that we'd wait until the shib project came out with their official


David Langenberg
Identity & Access Management
The University of Chicago

