Global Logout in Shibboleth by deleting IDP cookie
<p>I have a product which authenticates using Shibboleth.</p>
<p>When a user initiates a logout on the website:</p>
<ol>
<li>The web server sends a logout request to the Shibboleth SP.</li>
<li>The SP deletes the cookies after getting the request.</li>
<li>However, if the user goes back to the website, the login page is not prompted.</li>
</ol>
<p>For the configuration shown below I am using the Shibboleth Service Provider given here: <a href="https://www.testshib.org/install.html#SP" rel="nofollow noreferrer">https://www.testshib.org/install.html#SP</a>. It is configured to use the testshib.org IdP, details of which can be read <a href="https://www.testshib.org/metadata.html" rel="nofollow noreferrer">here</a>.</p>
<p><img src="https://i.stack.imgur.com/lnjI7.jpg" alt="Shibboleth Signout"></p>
<p>I believe that the IdP is not deleting its session cookie and is re-logging in the user on Step 3.</p>
<p><strong>More on IdP Cookies:</strong></p>
<p>This <a href="https://wiki.shibboleth.net/confluence/display/SHIB2/IdPCookieUsage" rel="nofollow noreferrer">wiki-source</a> states that the IdP uses two cookies: <code>_idp_authn_lc_key</code>, which is deleted after authentication, and the second is a session cookie <code>_idp_session</code>, for which it states that:</p>
<blockquote>
<p>Once a user has been authenticated they will have a long-lived session with the IdP which is tracked by a cookie named _idp_session. This cookie contains only information necessary for identifying the user's IdP session. This cookie is created as "session" cookie and will be removed when the browser chooses to remove such cookies (often when the browser is closed).</p>
</blockquote>
<p>My question is:</p>
<ul>
<li>What changes do I need to make on the SP to request the IdP to delete the same and effectively create a <strong>GLOBAL LOGOUT</strong>?</li>
</ul>