Last modified 7 years ago Last modified on 11/12/12 16:15:55

Shibboleth / IdP Logout

This page documents the IAM built logout capability of the IdP. It is a simple bit of JSP script that detects the presence of the _idp_session cookie in the client browser and then sets the cookie for removal of its present. It also provides a return parameter for returning a client browser back to the control of an application. The following flow diagram helps to illustrate the use of the facility.

The code for the logout.jsp can be found in the SVN instance for this project:


Deployment as part of the IdP:

Writing of a similar IdP logout.jsp function, On Mon, 12 Nov 2012, at 15:09 , Andrew Morgan <morgan@…> wrote:

To deploy this, stick [the logout.jsp file] in the root of the WAR file. You can either use zip to add it to the WAR file or a better idea would be to put it in the src/main/webapp/ directory of your Shibboleth install directory.

I found another interesting logout idea from NCSU:

They provide multiple logout pages that have different behaviors. We may implement that here at OSU also.

I don't know if this information would be worth putting in the wiki, but hopefully the next guy that needs to implement IDP logout will have a better starting point than I did!

Test & Usage

The following re-directs to a proof-of-concept page in the main IAM wiki after deleting the IdP sesssion:

Test behavior by pasting into a browser address.
Note that if there is no current IdP session, instead of a re-directing to the specified page, this attached login.jsp presents a generic page with the text "You are not logged in."