Ray Bon rbon at uvic.ca
Thu Aug 13 17:26:10 UTC 2020

If a vendor's session timeout triggers logout behaviour, the vendor software is clearly broken.


On Thu, 2020-08-13 at 08:49 -0800, IAM David Bantz wrote:
Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Some new (to my IdP) SPs invoke our IdP's Logout profile, killing the SSO session.
That isn't necessarily the behavior the users want or expect - especially if the Logout is called merely because of an application time-out. I suppose I should try to get those SPs to change to a less impactful behavior, but in the absence of that, I wonder about rewiring calls to the Logout profile to allow the user the option to destroy the SSO session or not; or even "just saying No" to destroying the SSO session. Have you dealt with this situation? How does your IdP respond to SPs triggering 'global' logout instead of just ending their SP session?

David Bantz
U Aalska


Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | rbon at uvic.ca<mailto:rbon at uvic.ca>

I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200813/21d86893/attachment.htm>

More information about the users mailing list