IDP logout customizations

[Liam Hoekenga]

I'd like to talk to list members from institutions that have customized the
logout behavior of IDP v3.

We're migrating from a legacy sso solution, and had previously "customized"
the provided logout functionality to tie it into the SLO for our legacy
solution (more "rip and replace" than customize).

After talking to our stakeholders, the desired behavior seems to be..
- logout of service provider (kill application and SP sessions)
- kill IDP session
- if service provided a redirect URL, send the user to that location
- user must log in again before they're able to access that service provider

I've been in touch with Minnesota and they have some stuff that looks
promising, but also requires the alteration of the system logout flows.
I'd like to see what other places have done to try and figure out what we
want to do.

thanks!
Liam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20190404/d7a445ae/attachment.html>