SP - Global Logout Feature question...

Nate Klingenstein ndk at sudonym.me
Wed Sep 5 11:14:35 EDT 2018


Dennis,

The most likely explanation is that your IdP doesn't have any SAML
SingleLogoutService endpoints in its metadata.

I don't know if you're running SP 3 yet, but if so, the documentation is
here:

https://wiki.shibboleth.net/confluence/display/SP3/Logout

You shouldn't need any further configuration of the Logout element in the
SP beyond listing SAML2, and the LogoutInitiator configuration is probably
redundant and unnecessary.  I don't know of any "global" configuration
parameter.

If you're willing to go on a beta adventure, I can refer you to a new SAML
testing service I've been building at https://samltest.id/ which does
support front-channel SAML logout.  You can register your SP there and try
logging in and out of the IdP.  The logout page at the IdP hasn't been
skinned yet, but it is fully functional.

Take care,
Nate.



On Wed, Sep 5, 2018 at 2:28 PM, Dennis Fazekas <Dennis_Fazekas at shi.com>
wrote:

> Greetings,
>
>
>
> We are using the SP Shibboleth software for SSO. Recently we got a
> requirement to Logout a user on the IDP side. I thought this would be easy
> by using the following settings in the Shibboleth2.xml file.
>
>
>
>             <Logout>SAML2 global</Logout>
>
>             <LogoutInitiator type="Chaining" Location="/Logout">
>
>                 <LogoutInitiator type="Global" />
>
>                 <LogoutInitiator type="SAML2" template="bindingTemplate.
> html"/>
>
>                 <LogoutInitiator type="Local" />
>
>             </LogoutInitiator>
>
>
>
> As listed is our current settings. I’ve tried “Global” too…
>
>
>
> For the logout we send the user to “/Shibboleth.sso/Logout” and they are
> only being logged out “Locally” and never being sent over to the IDP for
> logout.
>
>
>
> It’s probably something stupid I am missing, but I cannot seem to locate
> the issue. If anyone could help me get this working I would greatly
> appreciate it.
>
>
>
> Thank you!
>
>
>
> Dennis Fazekas  |  Cloud and Innovative Solutions (CIS) | Technical Lead
>
>
>
> --
> For Consortium Member technical support, see https://wiki.shibboleth.net/
> confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180905/134fff8e/attachment.html>


More information about the users mailing list