Shibboleth not doing SingleLogout after 30 seconds
Nate Klingenstein
ndk at signet.id
Mon Jan 25 22:51:46 UTC 2021
Madan,
The logs show that it's switching from the SAML2 Logout handler to the Local Logout handler at the SP side:
> Within 30 seconds:
>
> DEBUG Shibboleth.Listener [73] [default]: dispatching message (default/Logout::run::SAML2LI)
>
> After 30 seconds:
>
> DEBUG Shibboleth.Listener [73] [default]: dispatching message (default/Logout::run::LocalLI)
Local logout can be triggered even without a session in the first place. Try accessing this URL in a fresh browser.
https://samltest.id/Shibboleth.sso/Logout
So, my best guess is that your SP sessions are only lasting 30 seconds, probably as part of a shim into a local application environment. If you want to do SLO through SAML, you'll need the Shibboleth session to persist at least as long as the application session.
Hope this helps,
Nate.
--------
Signet, Inc.
The Art of Access ®
https://www.signet.id
More information about the users
mailing list