IE11 does not send shib session cookie during global logout

[Cantor, Scott]

On 2/24/18, 10:17 PM, "users on behalf of BenJW" <users-bounces at shibboleth.net on behalf of ben.wxc at gmail.com> wrote:

> I appreciate if anyone can cast some lights on it. Thanks a lot.

Third party cookie issue I would imagine. If the IdP reports that the logout to that SP was successful that would be quite odd. You have provided no logs, no tracing of activity, nothing that could possibly diagnose it.

> Here is my shib.xml and apache vhost config.

You have a significant amount of customization going on there in both layers that I wouldn't know anything about and couldn't know if it would impact this. I would rip it all out as a starting point. You certainly should not be changing the SP's handler location, and you should get rid of all that mess to do with header manipulation and cookies and content security policy and all that from Apache. It seems quite possible that that’s the cause.

-- Scott