requestParameters getting lost during local storage interactions in custom logout flow

[Liam Hoekenga]

>
> > I'd rather not alter the flow itself, but it seems that by the time it
> gets to the template, requestParameters is lost and all
> > that's available is the conversation state.
>
> Yes, but that's because this feature just isn't supported. We will never
> use them ourselves, but I'm willing to code in a default capture of any
> parameters into that specific flow/URL into the scratch context if somebody
> files a request for it.
>

Done.   I'd really like to find the least awful / offensive way to
implement this.


> Proprietary locations that aren't in metadata should never be shared with
> anybody and should go through redirection of some kind to separate the
> published location from the mechanics of the software. Mine is at
> /cgi-bin/logout.cgi


Our legacy logout CGI on the our IDPs tries to kill some IDP related
cookies before sending the user on to the legacy SLO.
Would it be possible to get at the IDP session externally (from a CGI) and
destroy it?  It seemed like the surest way to do that was to go through the
IDP itself.

I assume that if we using client storage, we could just kill
the shib_idp_session_ss cookie / storage key w/o having to tie into an IDP
functionality.

Liam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20190411/d415695e/attachment.html>