Shibboleth Developers

[André Cruz <>]

Hello.

Since Shibboleth 2.0 still doesn't have the SAML Logout functionality
I'm trying to port my 1.3 hack, because it's a requirement I have.

Background: 

- we have 1 IDP and lots of SPs all under our control.
- all our users have a unique userid which is exported as an attribute
to all SPs
- The SPs all use the memcache storage service and they all use the same
memcache servers

The way I'll do this is as follows:

- Alter the StorageServiceSessionCache to "catch" new sessions and build
a map in memcache userid -> [list of session keys in memcache]
- On logout, the IDP fetches the list of sessions this user has and
deletes them. This takes care of all SP's sessions. Additionally the IDP
has a list of URLs of endpoints which take care of possible application
sessions, this URL is called with the userid as argument.

This is a HACK, I know. What I would like is to know your opinions as to
how to improve this process. I haven't had a thorough look at 2.0 yet so
there could be something new that simplifies this process. I noticed
that the SP builds a NAMEID->session map, maybe I can use this map
instead of the map I create...

Best regards,
André