Single Logout

Prog programmierstudi at
Thu Nov 27 15:27:14 EST 2014

>So if my thinking is correct: 1) I need some kind of listener in my
web application 2) Configure SP where to send the SOAP message Hm, so 
strange this PHP code, >sorry I'm not so familiar with php, we are using 
java. Regards, Tomaz
The php code is a bit tricky:
1. no parameters supplied - just put out the wsdl
2. action and target parameters url-supplied - front channel logout
3. shibboleth logout request to SOAP server - back channel logout

By 3. you will get the shibsession id that is going to be logout. So at 
login your application has to map this shibbsession id to its own 
session so that on logout you know which application session to logout.

If your code thinks everything went fine it has to respond with a 
SAML2(?) response that simply contains OK (see php example code). If not 
you have to throw a SOAP fault.

You might remember it is always better to throw a SOAP fault than to 
respond with a false positive OK.


More information about the users mailing list