File(s): conf/idp.properties, views/logout.vm, views/logout-complete.vm, views/logout-propagate.vm
| Info |
|---|
Single Logout (SLO) support is new in 3.2.0. SLO is a best-effort attempt to end relying party sessions without clearing the browser's cookie and storage state. Most browsers do not clear this state when closed. |
...
If the user chooses SLO, the logout-propagate.vm view is rendered and the browser mediates (i.e. front-channel) a series of logout messages coordinated via iframes, javascript, and in some cases HTML5 storage. The result is a best-effort attempt to explicitly end each relying party session by sending a protocol-specific message to each service endpoint. In the IdP configuration, the SLO messaging process is called propagation. The IdP attempts to display prominent status information on the result of each attempt to end a relying party session; a red X for failure or a green checkbox for success.
If the uses user chooses to end without SLO, logout-complete.vm is rendered and a message is displayed indicating that some relying party sessions may still be active.
...
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<bean class="net.shibboleth.idp.cas.service.ServiceDefinition"
c:regex="https://([A-Za-z0-9_-]+\.)*example\.org(:\d+)?/.*"
p:group="slo-services"
p:authorizedToProxy="false"
p:singleLogoutParticipant="true" /> |
...