logout and misc Qs --shib idp

Cantor, Scott cantor.2 at osu.edu
Mon Nov 5 18:13:59 EST 2012

On 11/5/12 6:06 PM, "David Langenberg" <davel at uchicago.edu> wrote:

>nice).  The SPs who raise objections, I've found, are really really
>selfish and don't care about existing sessions on other sites.  They
>just want to ensure that the user is out of their system & can't get
>back in.  I've promoted forceAuthn as a work-around, but we all know
>that's got it's own problems.

It isn't just a question of them being selfish, rather that *their*
session with the user will remain when the other "selfish" SPs do this.
The user will not be out of their system and will get back in. We are
afraid of the backlash of shipping something that is by design incomplete.

>As some have pointed out, I have docs demonstrating the cookie kill
>logout, but cannot use that until Shibboleth ships a logout.jsp with
>it in there.

Does it help if I tell them I'm doing it? ;-)

-- Scott

More information about the users mailing list