IDP Logout page

[Steven Carmody]

Hi,

Brown has started down the road of deploying a "better" Logout page at 
the IDP. Logout is a mess, as we all know; we're just trying to make a 
bad situation better; we know we aren't going to be able to deploy a 
perfect solution. Just making sure that people understand our 
expectations, and trying to head off the usual rathole discussion of 
Logout and its problems.

At the bottom of this note I've pasted in a simple non-designed mockup 
of the content we're currently thinking of including.

I particularly like the code that Scott included in the Logout page that 
was packaged with 2.4, with its ability to list the Service Provider 
identifiers associated with the current IDP session. (btw, does that 
list get purged when the IDP session times out ? or at some other point ? )

Here's a couple of questions:

1) Does anyone have any suggestions about how to recover some info from 
the IDP session in order to fill in the [user's name] field ? I know the 
user's name isn't actually associated with the Session -- but is there 
an easy way -- at this point in the flow -- to retrieve that value from 
ldap ? (I know -- "name" isn't precise; I'll figure out which name 
later, if this is possible.) If not an ldap attribute, is the login 
userid value available somewhere ?

2) It looks to me like Scott's page doesn't destroy the IDP session 
cookie ? Is that right ?

Thanks !

----------------------

You have logged out of Banner. You are still logged in to WebLogin as 
[user's name].

Click HERE to to logout of the WebLogin Service. Note that if you remain 
logged in to the WebLogin Service you will be immediately logged back in 
to Banner if you access it again.

NOTE: You may still be logged in to services other than Banner that you 
accessed during this session.

(use code from the standard 2.4 Logout page to list these)

Click HERE if you are on a kiosk or shared computer.

Click HERE for an explanation of the WebLogin service.