Just logging out of Shibboleth

Cantor, Scott cantor.2 at osu.edu
Thu May 21 08:04:32 EDT 2015

On 5/21/15, 12:06 AM, "Ranil De Silva" <ranil.desilva at industrieit.com> 

>In our deployment with Shibboleth IDP v3, we have configured SLO from the 
>applications, so that they log out from their applications and then 
>Shibboleth. But there are a few corner cases that have appeared in 

And there are a hundred more you haven't found.

>One of the problems is that when an user authenticates with Shibboleth 
>but doesn't have permissions for the application itself. The issue here 
>is that because the user can't get into the application, they can't 
>logout (and hence logout of Shibboleth).

That's an application mistake in dealing with its integration with the SP 
if it chooses to support logout.

-- Scott

More information about the users mailing list