IDP Logout, text asking user whether or not to kill the IDP session

Cantor, Scott cantor.2 at osu.edu
Wed Oct 16 17:02:18 EDT 2013


On 10/16/13 4:58 PM, "Steven Carmody" <steven_carmody at brown.edu> wrote:

>is it possible to redirect to the SP's /Shibboleth.sso/Logout endpoint,
>and tell it "and redirect to the metadata-based Logout endpoint of
>whatever IDP was used to create this session?"

That's what a SAML logout does.

>As I understand it, I can pass the Logout endpoint a url to redirect to,
>but my application would have to identify the IDP that was used, and
>then "somehow" obtain the url for its Logout endpoint.

That's not a SAML logout, that's a Local logout.

A SAML logout means you either cede UI to the IdP, or you expect to get a
LogoutResponse back (turning off the async option we added to distinguish
this). You can pass a return parameter to the SP LogoutInitiator and it
will be saved as RelayState in the SAML case and redirected to after the
response, or used directly in the Local case.

-- Scott




