SP SAML2 Logout

Ryan Rumbaugh rrumbaugh at nebraska.edu
Tue Apr 12 16:12:10 EDT 2016

Hi all,

I’ve been experimenting with using SP-initiated SAML2 logout and have successfully configured it with our 3.2 Shib IdP.  I do have a scenario that is bugging me that I’m hoping someone can help with though.

Say, for example, I authenticate to two SP’s (SP1 & SP2) using the same IdP and then logout of SP1. After logging out, the application and SP1 sessions are removed and I am redirected to the IdP logout page which successfully removes the IdP session.

Now, if I go to SP2, where my SP2 session is still active and click logout an error occurs on SP2. Not sure what the error is, but I get a 505 on IIS.

I realize the IdP session has already been removed in my scenario, but what I would like to happen is to have the IdP redirect back to SP2 with some response that I can check for.  Then I can simply show a message to the end user that their IdP session has already ended and the logout of SP2 has been achieved.

What’s the best approach to accomplish this? Thanks!

Ryan Rumbaugh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160412/b025e400/attachment.html>

More information about the users mailing list