Note

The Shibboleth 2 IdP does not support single logout in any meaningful sense. A very limited, and usually more harmful than helpful, feature is documented at IdPEnableSLO.

This document is NOT a recipe for implementing single logout. It's a warning to those who think they understand it. They probably do not understand it and need to think about it long and hard before they think about trying to deploy something, whether it's Shibboleth or something else. This is particularly so because the logout problem in a federated environment is nothing like enterprise logout, and with the increased amount of outsourcing, there is no such thing as a non-federated enterprise anymore.

...