Closed tcmitchell closed 9 years ago
Tom found this: https://illyrica.gpolab.bbn.com/Shibboleth.sso/Logout?return=https://illyrica.gpolab.bbn.com
This clears the local Shib-Session-ID cookie. That forces a user trying to access this service to go to the Identity Provider chooser again, be redirected to the IdP, and immediately redirected to the portal. They never see the IdP page (do not have to enter the username/password again). So you are not logged out from the IdP or other SPs. So this is not SLO. This is just logging out of the local application. That return= can be anything. But going to the top level page lets us put them on a portal page that includes a log in again button. And we can have that page recognize the referrer hopefully so it can add text like 'You are now logged out from the GENI Portal'.
Trac comment by ahelsing on 04-09-2013 at 15:11
Implemented Shibboleth local logout. A logout link appears in the page header. The link goes to a new PHP page that sets a message in the session and redirects to Shibboleth's magic local logout URL (/Shibboleth.sso/Logout). This causes the Shibboleth session between SP and IdP to be killed. Then the user is redirected to the landing page and sees a message saying that they have logged out of the portal. The two intermediate pages do not appear in the user's browser; they go straight to the landing page.
Trac comment by tmitchel (github user: tcmitchell) on 04-09-2013 at 17:21
It would be nice to support some sort of sign-off or logout in the portal. This gets into Shibboleth logout, and Single Logout (SLO), the opposite of single sign on (SSO). The Shibboleth team regularly points out that there are lots of issues with SLO and it usually doesn't work the way people expect. These issues are documented on the SLOIssues page below.
Some helpful links:
https://wiki.shibboleth.net/confluence/display/SHIB2/SLOWebappAdaptation
Imported from trac ticket #64, created by tmitchel on 05-31-2012 at 10:35, last modified: 04-09-2013 at 17:21
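A sketch of the logout page and landing-page notice described in the 04-09-2013 comments above, as an added example that is not the portal's own code. The portal origin, session key and function names are assumptions; the `return=` target is pinned to the portal's own origin rather than taken from the request.

```php
<?php
declare(strict_types=1);

// Assumed names: the origin, session key and function names are illustrative.
const PORTAL_BASE = 'https://portal.example.org';  // placeholder portal origin
const SHIB_LOGOUT = '/Shibboleth.sso/Logout';      // SP handler named in the thread
const FLASH_KEY   = 'logout_message';              // hypothetical session key

/** Build the local-logout URL; return= is always pinned to this portal. */
function shib_local_logout_url(string $landingPath = '/'): string
{
    // Only a local absolute path is accepted: no "//host", no "/\host", no CR/LF.
    $second = $landingPath[1] ?? '';
    if (($landingPath[0] ?? '') !== '/' || $second === '/' || $second === '\\'
        || strpbrk($landingPath, "\r\n") !== false) {
        $landingPath = '/';
    }
    return PORTAL_BASE . SHIB_LOGOUT . '?return=' . rawurlencode(PORTAL_BASE . $landingPath);
}

/** logout.php: drop portal state, queue the notice, hand off to the SP. */
function handle_logout(): void
{
    session_start();
    session_regenerate_id(true);
    // Assumption: per-user portal data lives in $_SESSION, so replace it wholesale.
    $_SESSION = [FLASH_KEY => 'You are now logged out from the GENI Portal'];
    session_write_close();
    header('Location: ' . shib_local_logout_url('/'), true, 302);
    exit;
}

/** Landing page: show the notice once, HTML-escaped, then forget it. */
function take_logout_notice(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $msg = $_SESSION[FLASH_KEY] ?? '';
    unset($_SESSION[FLASH_KEY]);
    return $msg === '' ? '' : '<p class="notice">' . htmlspecialchars($msg, ENT_QUOTES, 'UTF-8') . '</p>';
}

// In logout.php:  handle_logout();
// In the landing page template:  echo take_logout_notice();
```

Keeping the notice in the session, rather than inferring it from the referrer or a query parameter, means the text shown on the landing page cannot be set by a crafted link.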