logout and misc Qs --shib idp
David Langenberg
davel at uchicago.edu
Mon Nov 5 18:21:47 EST 2012
On Mon, Nov 5, 2012 at 4:13 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> On 11/5/12 6:06 PM, "David Langenberg" <davel at uchicago.edu> wrote:
>
>>nice). The SPs who raise objections, I've found, are really really
>>selfish and don't care about existing sessions on other sites. They
>>just want to ensure that the user is out of their system & can't get
>>back in. I've promoted forceAuthn as a work-around, but we all know
>>that's got it's own problems.
>
> It isn't just a question of them being selfish, rather that *their*
> session with the user will remain when the other "selfish" SPs do this.
> The user will not be out of their system and will get back in. We are
> afraid of the backlash of shipping something that is by design incomplete.
>
>>As some have pointed out, I have docs demonstrating the cookie kill
>>logout, but cannot use that until Shibboleth ships a logout.jsp with
>>it in there.
>
> Does it help if I tell them I'm doing it? ;-)
Tried that, nope.
Dave
--
David Langenberg
Identity & Access Management
The University of Chicago
More information about the users
mailing list