Shibboleth SP will not allow a user to log in for a few minutes after he/she log out

Cantor, Scott cantor.2 at
Tue Oct 29 08:28:54 EDT 2019

The SP caches logout requests as per the standard to make sure logouts that arrive ahead of a login are honored, but if there's no SessionIndex in the logout request then any use of the same NameID is going to be impacted. Ithe IdPs stops using a fixed value and uses transients instead the problem will go away. Or they can pass a SessionIndex during logout, which is more or less expected/assumed. I don't think the caching "feature" can be turned off.

-- Scott

More information about the users mailing list