IDP logout.jsp
Andrew Morgan
morgan at orst.edu
Mon Nov 12 19:09:39 EST 2012
It took me a while to figure this out, so I'm posting to the list for the
next guy.
After this whole discussion about IDP logout, I decided to make my own
logout.jsp file. Here is what I settled on:
------------------------------------------------------------------
<%
Cookie c;
c = new Cookie("_idp_session", null);
c.setPath("/idp");
c.setMaxAge(0);
c.setSecure(true);
response.addCookie(c);
c = new Cookie("JSESSIONID", null);
c.setPath("/idp");
c.setMaxAge(0);
c.setSecure(true);
response.addCookie(c);
session.invalidate();
response.sendRedirect("https://YOUR_CAS_SERVER/cas/logout");
%>
------------------------------------------------------------------
This will expire the 2 IDP cookies, invalidate the session, and redirect
to the CAS logout page (we delegate auth to CAS).
To deploy this, stick it in the root of the WAR file. You can either use
zip to add it to the WAR file or a better idea would be to put it in the
src/main/webapp/ directory of your Shibboleth install directory.
I found another interesting logout idea from NCSU:
http://xteams.oit.ncsu.edu/iso/shibboleth/logout
They provide multiple logout pages that have different behaviors. We may
implement that here at OSU also.
I don't know if this information would be worth putting in the wiki, but
hopefully the next guy that needs to implement IDP logout will have a
better starting point than I did!
Andy
More information about the users
mailing list