Just logging out of Shibboleth

Ranil De Silva ranil.desilva at industrieit.com
Wed May 20 20:06:00 EDT 2015

Hi Folks,

In our deployment with Shibboleth IDP v3, we have configured SLO from the
applications, so that they log out from their applications and then
Shibboleth. But there are a few corner cases that have appeared in testing.

One of the problems is that when an user authenticates with Shibboleth but
doesn't have permissions for the application itself. The issue here is that
because the user can't get into the application, they can't logout (and
hence logout of Shibboleth). And without being able to logout of Shibboleth
they can't enter new credentials (assume they have a second set of
credentials) to get into the application.

Is there a way of just logging out of Shibboleth directly in this instance.
I have been trying the idp/Profile/Logout by calling
without any args and although it goes to the logout page, it doesn't seem
to be clearing the necessary sessions.

Kind regards


This email is confidential and intended solely for the person(s) to whom it 
is addressed.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150521/94b221ba/attachment.html>

More information about the users mailing list