SLO for Canvas

HCUK eLearning daveperryatwork at gmail.com
Tue Oct 24 06:19:02 EDT 2017


OK scrub the new problem for now, fixed my metadata which I think has fixed
it (Canvas was getting an incorrect fingerprint, and updates every 24
hours).

What I didn't notice yesterday was that there is a SAML Logout section at
the bottom of the Logout setup page, so I've now added the Required line to
my idp.properties:
idp.session.secondaryServiceIndex = true
(as noted yesterday, I've already enabled track SP sessions +
shibboleth.ClientPersistentStorageService
in that file also)

I've attached the DEBUG log file for an unsuccessful logout attempt,
starting from the decoded request.
My limited understanding suggests there's a lot of noise from it looking
for things in the different metadata providers in there, but didn't want to
snip anything in case I missed something important.


Thanks,
Dave

On Tue, Oct 24, 2017 at 10:28 AM, HCUK eLearning <daveperryatwork at gmail.com>
wrote:

> There is a field for Logout URL when you configure SAML as the
> authentication type, I don't really want to leave it blank.
>
> The page I referenced didn't say you had to do more than the 2 things I
> put. So
>
> On Mon, Oct 23, 2017 at 4:54 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
>
>> > I've set our Canvas sites up with our v3 IdP. I'm trying to get SLO
>> working (to
>> > get rid of the horrible 'there was a problem logging out' error Canvas
>> gives
>> > when you click Log Out), and made the following changes in
>> idp.properties:
>>
>> I don't know that Canvas supports SAML logout.
>>
>> And those are definitely insufficient changes to make logout work, if you
>> mean full on SAML logout. The changes required are documented in the wiki,
>> and include turning on HTML local storage via that property, and setting
>> idp.session.secondaryServiceIndex = true
>>
>> But it depends what kind of logout we're talking about.
>>
>> > The page I'm looking at
>> > (https://wiki.shibboleth.net/confluence/display/IDP30/Logout
>> Configuration)
>> > doesn't seem to mention that I need to do anything else to get the
>> basics
>> > working. Am I missing something?
>>
>> Potentially, yes.
>>
>> -- Scott
>>
>> --
>> To unsubscribe from this list send an email to
>> users-unsubscribe at shibboleth.net
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20171024/8d361fc5/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: failed SLO with Canvas.log
Type: application/octet-stream
Size: 36744 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20171024/8d361fc5/attachment-0001.obj>


More information about the users mailing list