Shibboleth not doing SingleLogout after 30 seconds
Mokkapati, Madan (NIH/CIT) [C]
madan.mokkapati at nih.gov
Tue Jan 26 23:03:03 UTC 2021
Hi Nate,
Thanks for throwing the some light on this issue.
Where can I check if the SP session is lasting for 30 seconds? Is it on shibboleth2.xml file?
Thanks
Madan Mokkapati (Contractor)
Center for Information Technology (CIT) IAM Services
National Institutes of Health
6555 Rock Spring Drive, Bethesda, MD 20817 | Suite 240
(614) 940-0421 (cell), (215) 362-3089 (Desk)
Madan.mokkapati at nih.gov | www.nih.gov
-----Original Message-----
From: Nate Klingenstein <ndk at signet.id>
Sent: Monday, January 25, 2021 5:52 PM
To: Shib Users <users at shibboleth.net>; users at shibboleth.net
Cc: Mokkapati, Madan (NIH/CIT) [C] <madan.mokkapati at nih.gov>
Subject: RE: Shibboleth not doing SingleLogout after 30 seconds
Madan,
The logs show that it's switching from the SAML2 Logout handler to the Local Logout handler at the SP side:
> Within 30 seconds:
>
> DEBUG Shibboleth.Listener [73] [default]: dispatching message (default/Logout::run::SAML2LI)
>
> After 30 seconds:
>
> DEBUG Shibboleth.Listener [73] [default]: dispatching message (default/Logout::run::LocalLI)
Local logout can be triggered even without a session in the first place. Try accessing this URL in a fresh browser.
https://samltest.id/Shibboleth.sso/Logout
So, my best guess is that your SP sessions are only lasting 30 seconds, probably as part of a shim into a local application environment. If you want to do SLO through SAML, you'll need the Shibboleth session to persist at least as long as the application session.
Hope this helps,
Nate.
--------
Signet, Inc.
The Art of Access ®
https://www.signet.id
More information about the users
mailing list