SP SAML2 Logout

Cantor, Scott cantor.2 at osu.edu
Tue Apr 12 16:32:59 EDT 2016

On 4/12/16, 4:12 PM, "users on behalf of Ryan Rumbaugh" <users-bounces at shibboleth.net on behalf of rrumbaugh at nebraska.edu> wrote:

>Say, for example, I authenticate to two SP’s (SP1 & SP2) using the same IdP and then logout of SP1. After logging out, the application and SP1 sessions are removed and I am redirected to the IdP logout page which successfully removes the IdP session.

You appear to be talking about a partial logout withoout the SLO feature in place to remove SP2's session.

>Now, if I go to SP2, where my SP2 session is still active and click logout an error occurs on SP2. Not sure what the error is, but I get a 505 on IIS.

I assume the IdP has responded that the LogoutRequest failed and IIS is hiding the result.

>I realize the IdP session has already been removed in my scenario, but what I would like to happen is to have the IdP redirect back to SP2 with some response that I can check for.

It likely did, or should have, but that should be clear from the logs on both sides.

-- Scott

More information about the users mailing list