SP Logout

Yannick Béot yannick.beot at gmail.com
Mon Sep 10 15:38:02 EDT 2012


I have setup Shibboleth SP on apache. I am using the same entityID for 2
different FQDN. For instance: www.domain.com and www.domain.org.
In order to make it works, I have modified the metadata part in my
            <Handler type="MetadataGenerator" Location="/Metadata.xml"

The login part works like a charm.

My problem is the logout.
When I connect to www.domain.org, I get a cookie for www.domain.org.
But when a LogoutRequest is sent to this SP, it is sent to the first
endpoint: https://www.domain.com/Shibboleth.sso/logout.
The session cookie is missing and Shibboleth is responding an Error :
unknown principal.

Is there a way to make this configuration, 2 domains/1 entityID, works?
Is there a way that Shibboleth destroys the corresponding session of the
LogoutRequest, session pointed out by a random Id and a principal, wihtout
throwing an error?

Thanks for your help,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20120910/cbd021af/attachment-0001.html 

More information about the users mailing list