IDP answer to LogoutRequest
Ignacio Amoeiro Bosch
ignacio.amoeiro at extern.ibsalut.es
Fri May 7 12:38:48 UTC 2021
Hi Scott,
You say "it makes an attemt to do", but I don't see such attempt in the http tracer nor in the idp-process.log. may be I have something missconfigured?
OFC I understand that is wrong to wait for a response, I will search if it is reported as a bug
Thanks.
-----Mensaje original-----
De: users <users-bounces at shibboleth.net> En nombre de Cantor, Scott
Enviado el: viernes, 7 de mayo de 2021 14:23
Para: Shib Users <users at shibboleth.net>
Asunto: DMARC ErrorRe: IDP answer to LogoutRequest
On 5/7/21, 6:49 AM, "users on behalf of Ignacio Amoeiro Bosch" <users-bounces at shibboleth.net on behalf of ignacio.amoeiro at extern.ibsalut.es> wrote:
> Should the IDP answer to every LogoutRequest with a LogoutResponse?
It makes an attempt to do so, but there are lots of reasons it wouldn't. It is explicity wrong to wait for a response to complete the work required on the SP side when that SP initiates the logout. ADFS has the same bug, FWIW (actually a more serious variant where its logout is contingent on getting only total success back from the IdP, which is impossible since partial success is a valid and virtually certain result).
-- Scott
--
For Consortium Member technical support, see https://ddec1-0-en-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fwiki.shibboleth.net%2fconfluence%2fx%2fcoFAAg&umid=31095c57-c290-4695-a7de-7b26520d131a&auth=1c980b950b810d2ebe959a136e6fc6796ec23183-3197dc726bc07084207dbc8596b6cf2b3af8d49f
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list