Shibboleth SSO doesn't log user out when browser is closed and reopened, seems to be caused by configuration?

Cantor, Scott cantor.2 at
Thu Nov 14 16:55:25 EST 2019

FYI, there is no such thing as V3.4.1, the SP is on 3.0.4 IIRC.

You're describing impossible behavior, so you're misinterpreting something. If you want to track session handling in detail per request, use the native log information in the Event Log to track what it's doing when the request is made. It's possible to derive much of that from shibd.log but more indirectly, it takes more knowledge of the internals.

In general, closing a browser has nothing to do with logout, and nothing the SP does has much influence on it. Whether you're logged in or not across closure will not change based on changing the RequestMap. You are or aren't, and either is possible, that's up to the browser.

If you really want a deep dive to help diagnose it, this would need to go through member support; I can let you know who to contact to get access to those mechanisms on behalf of UC if you contact me offline. 

-- Scott

More information about the users mailing list