SP Logout
Yannick Béot
yannick.beot at gmail.com
Mon Sep 10 15:38:02 EDT 2012
Hi,
I have set up Shibboleth SP on Apache. I am using the same entityID for 2
different FQDNs. For instance: www.domain.com and www.domain.org.
In order to make it work, I have modified the metadata part in my
shibboleth2.xml:
    <Handler type="MetadataGenerator" Location="/Metadata.xml" signing="false">
        <EndpointBase>https://www.domain.com/Shibboleth.sso</EndpointBase>
        <EndpointBase>https://www.domain.org/Shibboleth.sso</EndpointBase>
    </Handler>
The login part works like a charm.
My problem is the logout.
When I connect to www.domain.org, I get a cookie for www.domain.org.
But when a LogoutRequest is sent to this SP, it is sent to the first
endpoint: https://www.domain.com/Shibboleth.sso/logout.
The session cookie is missing and Shibboleth is responding with an Error:
unknown principal.
Is there a way to make this configuration, 2 domains/1 entityID, work?
Is there a way that Shibboleth destroys the corresponding session of the
LogoutRequest, the session pointed to by a random Id and a principal, without
throwing an error?
Thanks for your help,
Yannick
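
A metadata check for the setup described in this post, added here as an example and not part of the original message or of the Shibboleth software: it lists, per binding, the hosts that advertise a SingleLogoutService under one entityID and flags the browser-carried bindings where a request sent to one host cannot carry the other host's session cookie. The sample metadata, its entityID and the handler paths are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
BINDING_PREFIX = "urn:oasis:names:tc:SAML:2.0:bindings:"
# Bindings delivered through the user's browser: the request carries only the
# cookies scoped to the host named in Location.
FRONT_CHANNEL = {"HTTP-Redirect", "HTTP-POST", "HTTP-Artifact"}

# Constructed sample metadata (placeholder entityID, assumed handler paths).
SAMPLE_METADATA = f"""\
<md:EntityDescriptor xmlns:md="{MD_NS}" entityID="https://sp.example.invalid/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="{BINDING_PREFIX}SOAP"
        Location="https://www.domain.com/Shibboleth.sso/SLO/SOAP"/>
    <md:SingleLogoutService Binding="{BINDING_PREFIX}HTTP-Redirect"
        Location="https://www.domain.com/Shibboleth.sso/SLO/Redirect"/>
    <md:SingleLogoutService Binding="{BINDING_PREFIX}SOAP"
        Location="https://www.domain.org/Shibboleth.sso/SLO/SOAP"/>
    <md:SingleLogoutService Binding="{BINDING_PREFIX}HTTP-Redirect"
        Location="https://www.domain.org/Shibboleth.sso/SLO/Redirect"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def slo_hosts_by_binding(metadata_xml):
    """Map each SingleLogoutService binding to its hosts, in document order."""
    hosts = {}
    for ep in ET.fromstring(metadata_xml).iter(f"{{{MD_NS}}}SingleLogoutService"):
        binding = ep.get("Binding", "").rsplit(":", 1)[-1]
        host = urlsplit(ep.get("Location", "")).hostname
        if host and host not in hosts.setdefault(binding, []):
            hosts[binding].append(host)
    return hosts


def cookie_scoped_conflicts(metadata_xml):
    """Front-channel bindings advertised on more than one host under one entityID.

    A LogoutRequest sent to the first listed host cannot carry a session
    cookie that was set on another host.
    """
    return {b: h for b, h in slo_hosts_by_binding(metadata_xml).items()
            if b in FRONT_CHANNEL and len(h) > 1}


if __name__ == "__main__":
    for binding, hosts in cookie_scoped_conflicts(SAMPLE_METADATA).items():
        print(f"{binding}: SLO endpoints on {hosts}; first listed is {hosts[0]}")
```

Only parse metadata you trust with `xml.etree.ElementTree`; for metadata fetched from third parties, use a hardened XML parser.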