SP Initiated Logout with failed IDP logout request
Bryan Madaras
bryan.madaras at armssoftware.com
Wed Jul 7 15:24:15 UTC 2021
Yeah I was not clear enough.
From the perspective of the user they are directly logged back in as they did not have to re-authenticate on the IDP.
Which I thought they would have to when we removed the session from the SP SessionCache and closed the browser which should then clear the browser session cookies.
-Bryan
> On Jul 7, 2021, at 11:13 AM, Cantor, Scott <cantor.2 at osu.edu> wrote:
>
> If the logout request fails, then the user hasn't been logged out of anything but your SP. And closing a browser probably does nothing, that depends on settings.
>
>> What I am seeing is that the user seems to be able to directly log back in.
>
> The log explicitly shows it forming and issuing a request to the IdP, which is definitely not "directly logged back in".
>
> -- Scott
>
>
> --
> For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list