Shibboleth Logout behavior
atulabhagwat at gmail.com
Wed Nov 12 02:24:30 EST 2014
Thanks for your reply. I am trying your suggestion. Can you explain bit
*Another is to use the standard configuration on all of them, but add a
custom LogoutInitiator handler of type="Local" at some special location and
send the browser to do a local-only logout.*
On Mon, Nov 10, 2014 at 4:38 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> On 11/10/14, 10:57 PM, "Atul Bhagwat" <atulabhagwat at gmail.com> wrote:
> >I have tried it using Logout methods provided LOCAL and SAML2. I couldn't
> >figure out a way to make a particular SP as a main application.
> Logout is between IdP and SP, not SP and SP. The IdP is brokering whatever
> happens after a logout is requested, and Shibboleth does not support that
> brokering anyway, so I don't see the relevance unless you're using some
> other software. Assuming that's the case...
> You can't use the routine configuration and support SAML logout inbound
> but prevent it from issuing logout requests outbound. Making it initiate
> local logout only but respond to SAML logout from another system would
> require elaborately configuring things using the old manual syntax for
> configuring handlers and endpoints.
> One option is to get rid of any logout endpoints in A's metadata, which
> will prevent the IdP from ever sending it a logout if B or C requests one.
> Another is to use the standard configuration on all of them, but add a
> custom LogoutInitiator handler of type="Local" at some special location
> and send the browser to do a local-only logout.
> -- Scott
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users