logout and misc Qs --shib idp

David Langenberg davel at uchicago.edu
Mon Nov 5 18:21:47 EST 2012

On Mon, Nov 5, 2012 at 4:13 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> On 11/5/12 6:06 PM, "David Langenberg" <davel at uchicago.edu> wrote:
>>nice).  The SPs who raise objections, I've found, are really really
>>selfish and don't care about existing sessions on other sites.  They
>>just want to ensure that the user is out of their system & can't get
>>back in.  I've promoted forceAuthn as a work-around, but we all know
>>that's got it's own problems.
> It isn't just a question of them being selfish, rather that *their*
> session with the user will remain when the other "selfish" SPs do this.
> The user will not be out of their system and will get back in. We are
> afraid of the backlash of shipping something that is by design incomplete.
>>As some have pointed out, I have docs demonstrating the cookie kill
>>logout, but cannot use that until Shibboleth ships a logout.jsp with
>>it in there.
> Does it help if I tell them I'm doing it? ;-)

Tried that, nope.


David Langenberg
Identity & Access Management
The University of Chicago

More information about the users mailing list