We have used Shibboleth to authenticate users. It works great.
The issue is that after going to user/logout (and, I think, actually logging out), the user is immediately and automatically re-authenticated!
Any solutions come to mind?
Thanks!
This is a moderately complex issue, depending on what you want to achieve. The bad news is that according to people who should know, SingleLogOff basically doesn’t work, because at the very least the local app might cache login information and there’s no reliable way of telling everybody to log you out.
However, logging out of a Service Provider’s specific session might be as easy as sending your user to
https://yourhost/Shibboleth.sso/Logout?return=http://www.google.com
which will destroy that session and redirect the user to the given URL.
To destroy the session with the IdP, you’d probably need a way to erase the _idp_session cookie set by the IdP, which is easy if you control the IdP and not if you don’t. (The shibd SP does support telling the IdP to log out the IdP session, too, but the IdP doesn’t.)
EDIT AFTER SHIB 3 RELEASE
Shibboleth 3 now supports SLO.
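An added example, not part of the original answer: one way an application's own logout endpoint could expire its local session cookie and then hand the browser to the SP Logout handler described above, with the return parameter percent-encoded and restricted to an allowlist so the endpoint cannot be used as an open redirect. The cookie name, the allowlist and the default return URL are assumptions made for illustration; the IdP session is not touched.

```python
from urllib.parse import urlencode, urlsplit

# Assumptions (not from the original answer): the application's session
# cookie name, the allowed post-logout hosts and the default destination.
SP_HOST = "yourhost"
APP_SESSION_COOKIE = "app_session"  # hypothetical cookie name
ALLOWED_RETURN_HOSTS = {"yourhost", "www.google.com"}
DEFAULT_RETURN = "https://yourhost/"


def safe_return_url(candidate):
    """Return candidate only if it is an http(s) URL on an allowed host."""
    # Backslashes and control characters are parsed differently by browsers
    # and by urlsplit, so reject them outright.
    if not candidate or any(ch <= " " or ch == "\\" for ch in candidate):
        return DEFAULT_RETURN
    parts = urlsplit(candidate)
    if parts.scheme in ("http", "https") and parts.hostname in ALLOWED_RETURN_HOSTS:
        return candidate
    return DEFAULT_RETURN


def sp_logout_url(return_url):
    """Build the SP Logout handler URL with a percent-encoded return value."""
    query = urlencode({"return": safe_return_url(return_url)})
    return f"https://{SP_HOST}/Shibboleth.sso/Logout?{query}"


def app_logout_response(requested_return):
    """Status and headers for the application's own logout endpoint.

    1. Expire the application's session cookie (the locally cached login).
    2. Redirect to the SP Logout handler so the SP session is destroyed as
       well; a remaining SP session can sign the user straight back in.
    """
    headers = [
        ("Set-Cookie", f"{APP_SESSION_COOKIE}=; Max-Age=0; Path=/; Secure; HttpOnly"),
        ("Location", sp_logout_url(requested_return)),
        ("Cache-Control", "no-store"),
    ]
    return 302, headers


if __name__ == "__main__":
    status, headers = app_logout_response("http://www.google.com")
    print(status)
    for name, value in headers:
        print(f"{name}: {value}")
```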