Just logging out of Shibboleth
Cantor, Scott
cantor.2 at osu.edu
Thu May 21 08:04:32 EDT 2015
On 5/21/15, 12:06 AM, "Ranil De Silva" <ranil.desilva at industrieit.com>
wrote:
>
>In our deployment with Shibboleth IDP v3, we have configured SLO from the
>applications, so that they log out from their applications and then
>Shibboleth. But there are a few corner cases that have appeared in
>testing.
And there are a hundred more you haven't found.
>One of the problems is that when an user authenticates with Shibboleth
>but doesn't have permissions for the application itself. The issue here
>is that because the user can't get into the application, they can't
>logout (and hence logout of Shibboleth).
That's an application mistake in dealing with its integration with the SP
if it chooses to support logout.
-- Scott
More information about the users
mailing list