Shibboleth Developers

[André Cruz <>]

On 2007/06/07, at 16:40, Scott Cantor wrote:

> > I understand that in these cases back-channel requests won't work  
> > but that's life. I don't think this is the normal case, normally  
> > the attributes that the application received allow the  
> > identification of the user if these attributes are sent on the  
> > back-channel request for the logout.
>
> I suppose, but I'm not planning to try this yet. If somebody else  
> wants to, they can write a logout service handler with the features  
> they want. It definitely won't be in 2.0. Maybe later.

So what can we expect for 2.0, just front-channel requests? The  
remote termination of the SP session is enough for me at least. That  
was my biggest problem with the custom logout mechanism used here  
with 1.3. We can deal with the application sessions ourselves since  
they all have remote logout endpoints and they all use the same ID  
for the users. The only drawback is that we invoke this mechanism on  
all our applications regardless of the user having logged in them or  
not...

Thanks for the answers.
André