How to transit to new logout

Aaron Howell aaron.howell at deakin.edu.au
Thu May 11 21:39:14 EDT 2017


You could possibly set up a redirect for the logout.jsp to:

https://<our IDP>idp/profile/Logout

Cheers,
Aaron

On 12 May 2017, at 11:34 am, Lalith Jayaweera <ljayaweera at gmail.com> wrote:

With the existing SPs we have asked them to use a URL like the one below (https://<our IDP>/idp/logout.jsp) with a customized JSP residing in the IdP (2.4.x..) with the below source. This was due to lack of support for logout and SLO etc. with prior versions 2.4.x.



With IdP 3.2.x rolling out, I am curious what would be the best way to roll out without impacting the below logout URL, which has been configured in SPs in different ways.



Also, we have CAS on top of the IdP but are not using CAS SLO, and I also have doubts about whether to use SLO with IdP 3.2.x.
Personally I do not think users should know the status of every SP after the logout rendering in page, even if it does, it should be a backdoor task.



Can someone advise me, what would be the best way to move on with the above logout need to perform on IdP 2.4.x



Perhaps have this jsp still and release features slowly SLO etc?



https://<our IDP>/idp/logout.jsp



with below source for logout.jsp



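<%
// Legacy logout for IdP 2.4.x: expire the browser cookies, drop the
// container session, then send the user to a static logout page.
Cookie c;

// Expire the _idp_session cookie (Max-Age=0 tells the browser to delete it).
// The Path must match the Path the cookie was set with, or nothing is deleted.
c = new Cookie("_idp_session", null);
c.setPath("/idp");
c.setMaxAge(0);
c.setSecure(true);
response.addCookie(c);

// Expire the servlet container's session cookie in the same way.
c = new Cookie("JSESSIONID", null);
c.setPath("/idp");
c.setMaxAge(0);
c.setSecure(true);
response.addCookie(c);

// Invalidate the server-side HttpSession and redirect to the logout message.
session.invalidate();
response.sendRedirect("https://<contentserver>/ssoClientLogoutMsg.html");
%>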



Where https://<contentserver>/ssoClientLogoutMsg.html gives a generic logout message with instructions to close all the browsers.



Thanks
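
Added example (not part of the original thread and not Shibboleth project code): a Python check for captured logout responses during the cut-over. It confirms that the legacy logout.jsp URL either redirects to the /idp/profile/Logout endpoint suggested in the reply, or still expires the two cookies named in the JSP with the Path the JSP uses. Function names, sample responses and hostnames are constructed for illustration, and it assumes the cookies were originally set with Path=/idp.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

LEGACY_COOKIES = {"_idp_session": "/idp", "JSESSIONID": "/idp"}  # name -> Path, from logout.jsp
NEW_LOGOUT_PATH = "/idp/profile/Logout"  # endpoint suggested in the reply
REDIRECTS = (301, 302, 303, 307, 308)


def expired_cookies(set_cookie_values):
    """Map cookie name -> Path for every Set-Cookie carrying Max-Age=0."""
    expired = {}
    for value in set_cookie_values:
        jar = SimpleCookie()
        jar.load(value)
        for name, morsel in jar.items():
            if morsel["max-age"] == "0":
                expired[name] = morsel["path"]
    return expired


def audit_logout(status, headers):
    """Return a list of findings for one logout response; empty means OK."""
    location = next((v for k, v in headers if k.lower() == "location"), None)
    if status not in REDIRECTS or not location:
        return ["response is not a redirect"]
    if urlsplit(location).path == NEW_LOGOUT_PATH:
        return []  # redirect shim: session teardown is left to the new endpoint
    expired = expired_cookies(v for k, v in headers if k.lower() == "set-cookie")
    findings = []
    for name, path in LEGACY_COOKIES.items():
        if name not in expired:
            findings.append(f"{name}: not expired")
        elif expired[name] != path:
            # Browsers match cookies on name, domain and path; a different Path deletes nothing.
            findings.append(f"{name}: Path={expired[name]!r}, expected {path!r}")
    return findings


# Constructed sample responses (hostnames are placeholders).
LEGACY_JSP = (302, [
    ("Set-Cookie", "_idp_session=; Max-Age=0; Path=/idp; Secure"),
    ("Set-Cookie", "JSESSIONID=; Max-Age=0; Path=/idp; Secure"),
    ("Location", "https://content.example.org/ssoClientLogoutMsg.html"),
])
REDIRECT_SHIM = (302, [("Location", "https://idp.example.org/idp/profile/Logout")])
BROKEN = (302, [
    ("Set-Cookie", "JSESSIONID=; Max-Age=0; Path=/; Secure"),
    ("Location", "https://content.example.org/ssoClientLogoutMsg.html"),
])

if __name__ == "__main__":
    for label, resp in (("legacy", LEGACY_JSP), ("shim", REDIRECT_SHIM), ("broken", BROKEN)):
        print(label, audit_logout(*resp) or "OK")
```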
