Cantor, Scott cantor.2 at
Fri Sep 13 17:14:55 EDT 2019

On 9/13/19, 5:08 PM, "users on behalf of sherrera" <users-bounces at on behalf of sherrera at> wrote:

> In working with the SP, they said the logout action flags their side and
> sends the request to my IDP to kill the session and then expects a response
> back. That response triggers the SP to kill the session. The SP is using
> Shibboleth. I'm not sure of their version. 

That is not how Shibboleth functions. The SP, as all SAML SPs are required to do, and out of simple common sense, clears its own state before sending a request to the IdP, and there is nothing the SP needs afterwards that matters.
> I do have:
>  idp.session.secondaryServiceIndex = true 
> Is there some other configuration set that I may have missed?

There are two session properties documented as required for SAML logout to function, and that is only one of them.

-- Scott

More information about the users mailing list