Shibboleth & Wordpress Logout
Cantor, Scott
cantor.2 at osu.edu
Fri Nov 9 14:47:19 EST 2012
On 11/9/12 1:29 PM, "Chris Bland" <chris at fdu.edu> wrote:
>
>I have implemented Wordpress v3.4.1 & Shibboleth SP v2.5.0 using the
>Shibboleth module. I have observed that SP and Wordpress session cookies
>are removed if a user logs out locally on the wordpress host but the
>Wordpress session cookies remain when I logout of Shibboleth from another
>SP. I am trying to figure out what options I have to deal with this
>security issue.
Not doing SSO would be the primary option you have.
> Are there any settings I have overlooked? Is there an additional
>module I don't know about?
Please review the SLOIssues topic in the wiki for background on the issue.
> Any suggestions on dealing with this vulnerability would be appreciated.
Logout is discussed constantly on this list and you can find hundreds of
messages in the archive about it, including a dozen in the last week.
-- Scott
More information about the users
mailing list