matt-bernhardt
commented
10 years ago The problem apparently comes down to visiting the logout page over port 80, rather than port 443. The minimal response is to make sure that the Logout link is directed to port 443/SSL, although I'm not sure that more isn't needed to require SSL for all connections.
Sean reported a problem where the logout link reveals a 401 error "Authorization Required" - which is both ugly and confusing. This happens with or without the session variable tracked by the UI being set.
A workaround was to send him back through /secure to re-establish the Shibboleth variables - at which point the logout worked correctly.