Single Logout
Cantor, Scott
cantor.2 at osu.edu
Fri Nov 28 15:13:59 EST 2014
On 11/27/14, 3:02 PM, "Tomaz Majerhold" <tomaz.majerhold at arnes.si> wrote:
>
>If application manage there own session is there any way that the
>application query SP if user is logout.
>
>It would be very handy if could be possible something like that:
>
>
>https://localhost/Shibboleth.sso/isLogout?shib-session-id=_74d9c6089e14298
>3d8171ab8fc045552
>
>return: true | false
>
>so if true then application can invalidate session.
Aside from the Notify hook (which is not SOAP based unless you're doing
back-channel logout), this all works if you just use passive session
control in your app, and have the SP cover your application code (or part
of) with protection rules, but leave requireSession off. Then you get the
session data in the request if it exists, and not if it doesn't.
-- Scott
More information about the users
mailing list