How to transit to new logout

[Lalith Jayaweera]

With the existing SPs we have asked them use a URL like below (https://<our
IDP>/idp/logout.jsp <https://%3cour%20idp%3e/idp/logout.jsp>) with an
customized jsp residing in the idp (2.4.x..) with below source. This was
due to lack of support on logout and  SLO etc. with prior versions 2.4.x.



With IdP 3.2.x rolling out, am curious what would be the best way to
rollout without impacting the below logout URL which have been configured
in SPs in different ways.


Also we got CAS on top of IdP but not using CAS SLO, also have doubts
whether to use SLO with IdP 3.2.x.
Personally I do not think users should know the status of every SP after
the logout rendering in page, even if it does, it should be a backdoor task.



Can someone advise me, what would be the best way to move on with the above
logout need to perform on IdP 2.4.x



Perhaps have this jsp still and release features slowly SLO etc?



https://<our IDP>/idp/logout.jsp <https://%3cour%20idp%3e/idp/logout.jsp>



with below source for logout.jsp



<%

Cookie c;



c = new Cookie("_idp_session", null);

c.setPath("/idp");

c.setMaxAge(0);

c.setSecure(true);

response.addCookie(c);



c = new Cookie("JSESSIONID", null);

c.setPath("/idp");

c.setMaxAge(0);

c.setSecure(true);

response.addCookie(c);



session.invalidate();

response.sendRedirect("https://<contentserver>/ssoClientLogoutMsg.html");

%>



Where https://<contentserver>/ssoClientLogoutMsg.html gives Generic logout
message with instruction to close all the browsers.



Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20170512/d61709ed/attachment.html>