Just logging out of Shibboleth

Wed May 20 20:48:02 EDT 2015

Hi Ranil,

Just add the same logout button you have when a user is authorised to the page where they get the message saying they are unauthorised.

The syntax should be https://<site>/Shibboleth.sso/Logout<https://%3csite%3e/Shibboleth.sso/Logout>

Regards
Gary

From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Ranil De Silva
Sent: Thursday, 21 May 2015 10:06 AM
To: Shib Users
Subject: Just logging out of Shibboleth

Hi Folks,

In our deployment with Shibboleth IDP v3, we have configured SLO from the applications, so that they log out from their applications and then Shibboleth. But there are a few corner cases that have appeared in testing.

One of the problems is that when an user authenticates with Shibboleth but doesn't have permissions for the application itself. The issue here is that because the user can't get into the application, they can't logout (and hence logout of Shibboleth). And without being able to logout of Shibboleth they can't enter new credentials (assume they have a second set of credentials) to get into the application.

Is there a way of just logging out of Shibboleth directly in this instance.
I have been trying the idp/Profile/Logout by calling https://<site>/idp/Profile/Logout<https://%3csite%3e/idp/Profile/Logout> without any args and although it goes to the logout page, it doesn't seem to be clearing the necessary sessions.

Kind regards
Ranil

This email is confidential and intended solely for the person(s) to whom it is addressed.

[cid:csu-logo428b.bmp]<http://www.csu.edu.au/>

|   ALBURY-WODONGA   |   BATHURST   |   CANBERRA   |   DUBBO   |   GOULBURN   |   MELBOURNE   |   ONTARIO   |   ORANGE   |   PORT MACQUARIE   |   SYDNEY   |   WAGGA WAGGA   |

________________________________
LEGAL NOTICE
This email (and any attachment) is confidential and is intended for the use of the addressee(s) only. If you are not the intended recipient of this email, you must not copy, distribute, take any action in reliance on it or disclose it to anyone. Any confidentiality is not waived or lost by reason of mistaken delivery. Email should be checked for viruses and defects before opening. Charles Sturt University (CSU) does not accept liability for viruses or any consequence which arise as a result of this email transmission. Email communications with CSU may be subject to automated email filtering, which could result in the delay or deletion of a legitimate email before it is read at CSU. The views expressed in this email are not necessarily those of CSU.

Charles Sturt University in Australia<http://www.csu.edu.au> The Grange Chancellery, Panorama Avenue, Bathurst NSW Australia 2795 (ABN: 83 878 708 551; CRICOS Provider Number: 00005F (National)). TEQSA Provider Number: PV12018
Charles Sturt University in Ontario<http://www.charlessturt.ca/> 860 Harrington Court, Burlington Ontario Canada L7N 3N4 Registration: www.peqab.ca

Consider the environment before printing this email.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150521/08a37a3a/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: csu-logo428b.bmp
Type: image/bmp
Size: 37976 bytes
Desc: csu-logo428b.bmp
URL: <http://shibboleth.net/pipermail/users/attachments/20150521/08a37a3a/attachment-0001.bmp>