IAM David Bantz dabantz at alaska.edu
Thu Aug 13 17:29:49 UTC 2020

agreed it's broken, but "it is what it is"

(AFAICT, the trigger is either and explicit "logout" choice in the service
OR an attempt to do something in the service once the timeout period has
elapsed - say click on a link - and the service relays to the IdP Logout

On Thu, Aug 13, 2020 at 9:26 AM Ray Bon <rbon at uvic.ca> wrote:

> If a vendor's session timeout triggers logout behaviour, the vendor
> software is clearly broken.
> Ray
> On Thu, 2020-08-13 at 08:49 -0800, IAM David Bantz wrote:
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cautious with links and sensitive information.
> Some new (to my IdP) SPs invoke our IdP's Logout profile, killing the SSO
> session.
> That isn't necessarily the behavior the users want or expect - especially
> if the Logout is called merely because of an application time-out. I
> suppose I should try to get those SPs to change to a less impactful
> behavior, but in the absence of that, I wonder about rewiring calls to the
> Logout profile to allow the user the option to destroy the SSO session or
> not; or even "just saying No" to destroying the SSO session. Have you dealt
> with this situation? How does your IdP respond to SPs triggering 'global'
> logout instead of just ending their SP session?
> David Bantz
> U Aalska
> --
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | rbon at uvic.ca
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200813/ab96330b/attachment.htm>

More information about the users mailing list