Shibboleth Developers

["Scott Cantor" <>]

> Because I don't know anything about SAML logout... :) Is there a good
> place to read about it without wasting too much time?

Nowhere but the spec.
 
> I guess this would mean that the IDP would have to store which SPs
> requested the attributes of which users and sending those SPs some
> logout messages with the correct NameID?

It does this already, I believe (not which attributes, that's immaterial, 
just the SPs, NameID, and the SessionIndex). The session manager code is 
there, just not the profile and UI code.

> And what are application notifications? A way to deal with applications
> sessions? How do we use it?

I haven't documented it yet, that and logout initiation are the two major 
pieces I have yet to fill in the wiki. There are front and back channel 
message loops that run during logout and NameID mgmt processing. Front 
channel just relies on the cookie and usual attributes being available and 
the app has to make sure to forward the message along. Backchannel uses a 
simple XML schema and sends SOAP messages over a loopback with the logout or 
NameID mgmt details.

-- Scott