
shibboleth-dev - Logout advice

Subject: Shibboleth Developers


Logout advice


  • From: André Cruz <>
  • To:
  • Subject: Logout advice
  • Date: Tue, 15 Apr 2008 15:09:41 +0100

Hello.

Since Shibboleth 2.0 still doesn't have the SAML Logout functionality,
I'm trying to port my 1.3 hack, because it's a requirement I have.

Background:

- we have 1 IDP and lots of SPs all under our control.
- all our users have a unique userid which is exported as an attribute
to all SPs
- The SPs all use the memcache storage service and they all use the same
memcache servers

The way I'll do this is as follows:

- Alter the StorageServiceSessionCache to "catch" new sessions and build
a map in memcache userid -> [list of session keys in memcache]
- On logout, the IDP fetches the list of sessions this user has and
deletes them. This takes care of all SPs' sessions. Additionally, the IDP
has a list of URLs of endpoints which take care of possible application
sessions; this URL is called with the userid as argument.

This is a HACK, I know. What I would like is to know your opinions as to
how to improve this process. I haven't had a thorough look at 2.0 yet so
there could be something new that simplifies this process. I noticed
that the SP builds a NAMEID->session map, maybe I can use this map
instead of the map I create...

Best regards,
André
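
A sketch of the userid -> session-key index described in this message, added here as an example; it is not part of the original post and not Shibboleth code. `FakeMemcache`, the `uidx:` key prefix and both function names are hypothetical, and the store only imitates memcached's add/gets/cas so that the lost-update race between SPs, and between a login and a logout, is handled.

```cpp
#include <cstdint>
#include <map>
#include <sstream>
#include <string>

// Added example, hypothetical names: in-memory stand-in for the shared memcache
// servers with memcached-style add / gets / cas (version changes on every write).
struct FakeMemcache {
    struct Entry { std::string val; uint64_t ver; };
    std::map<std::string, Entry> data;
    uint64_t next = 1;
    bool gets(const std::string& k, std::string& v, uint64_t& ver) const {
        auto it = data.find(k);
        if (it == data.end()) return false;
        v = it->second.val; ver = it->second.ver; return true;
    }
    bool add(const std::string& k, const std::string& v) {  // fails if key exists
        return data.emplace(k, Entry{v, next++}).second;
    }
    bool cas(const std::string& k, const std::string& v, uint64_t ver) {
        auto it = data.find(k);
        if (it == data.end() || it->second.ver != ver) return false;
        it->second = Entry{v, next++}; return true;
    }
    bool del(const std::string& k) { return data.erase(k) > 0; }
};

static std::string idx(const std::string& uid) { return "uidx:" + uid; }
// SP side: after storing a session, append its key to the user's index.
// add/cas retry so two SPs registering at once cannot drop each other's key.
void register_session(FakeMemcache& mc, const std::string& uid, const std::string& skey) {
    std::string cur; uint64_t ver;
    for (;;) {
        if (mc.gets(idx(uid), cur, ver) ? mc.cas(idx(uid), cur + skey + "\n", ver)
                                        : mc.add(idx(uid), skey + "\n")) return;
    }
}

// IdP side: delete every indexed session, then empty the index with cas.
// A failed cas means a session was registered meanwhile, so loop again.
int logout_user(FakeMemcache& mc, const std::string& uid) {
    std::string cur, k; uint64_t ver; int removed = 0;
    while (mc.gets(idx(uid), cur, ver)) {
        std::istringstream in(cur);
        while (std::getline(in, k)) removed += mc.del(k) ? 1 : 0;
        if (mc.cas(idx(uid), "", ver)) break;
    }
    return removed;
}
```

Sessions that already expired from the cache are simply not counted, so the return value is the number of sessions that were still live at logout.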




