Shibboleth Proxy to Azure: Completing logout.

Cantor, Scott cantor.2 at
Wed Jan 19 20:08:39 UTC 2022

>    My web searches on the topic haven't come up with anything.  Apologies if it has been discussed already. 

I thought it had, but I don't see anything in the archive.

>  Is there a way to configure Shibboleth to add an additional step of logging the user out of the Azure IDP as
> well?  

No. There isn't any obvious way I see to continue supporting single logout while proxying unless it's back channel only. At some point we might implement options to ignore single logout and just relay control to the second IdP.

Hooking the logout within the template/view and forcing a manual client-side redirect out to Azure is a possible workaround. I don't know that they support SAML logout to begin with, in which case nothing we add would work anyway.

-- Scott

More information about the users mailing list