Selective Single Logout Propagation
Brian Moon
bmoon at scu.edu
Thu May 11 18:40:12 EDT 2017
The reasoning behind it was that we did not want to confuse users with a
red X thinking that something had failed that they need to notify us about
(basically same reasoning as yours). So hiding it would certainly achieve
that objective.
To hide it, I assume that we will still need logout-propagate.vm to parse
logout/propagate.vm. Do you just place it in a hidden div? If so, is
there any requirement that a user remain on the page for a specific period
of time for the logouts to complete, or will simply accessing that page
trigger all of logout requests?
Thanks!
Brian Moon
Senior System Administrator
Enterprise Systems
Santa Clara University
Office: 408.554.4830
bmoon at scu.edu
On Thu, May 11, 2017 at 2:03 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> > When we set this up it works great for all of the SPs that support the
> > SingleLogoutService. Unfortunately, since not all SPs support this our
> users
> > will see an error when logging out (most notably for us with Google
> Apps).
>
> Well, they should see a red X. You can't avoid that unless you take the
> tack (which I basically do) that it needs to be changed to hide all the
> results since the answer in any given case is pretty much always "sort of
> logged out of some stuff". The community has indicated that it doesn't all
> agree on that answer so the answer for now is that it needs to get much
> more flexible and configurable.
>
> > Is there a way to configure the logout propagation so that if the
> > SingleLogoutService is not defined in the metadata then it does not even
> > attempt to propagate the logout?
>
> It doesn't attempt to. That doesn't change the outcome, logout to that
> service still didn't happen. Perhaps you're misunderstanding the meaning of
> the UI, or perhaps you're of a mind to agree with my opinion on it. Or I'm
> misremembering what it does, but that's my recollection and certainly it
> was the intent. It's not displaying services it thinks you can logout of,
> it's meant to be displaying every service it knows about, and then telling
> you if it could logout (according to the protocol telling it that it did).
>
> Also, that UI is not 508 compliant, like at all. If you're a public, you
> probably need to be aware of that. That's another reason I want to hide it,
> because I don't know how to make it compliant.
>
> -- Scott
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20170511/5f70b74c/attachment.html>
More information about the users
mailing list