Announcement Announcement Module
Collapse
No announcement yet.
IDP initiate Single Log Out Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • IDP initiate Single Log Out

    Hi,

    I set the Spring Security SAML Extension as a 'SP' integrated with my web app. Single sign on works fine.

    When a user selects global log out from my web app, he is logged out both from SP and IDP and does not allow to access protected web pages again. This is right.

    But then a user selects log out from another web app (in the same trust circle). I checked from log that IDP sends samlp:LogoutRequest to SP, and SP sends back saml2p:LogoutResponse with Success to IDP. This user now is certainly logged out from IDP. But it seems this user session is not killed, this user still be able to access protected web pages!!! This is wrong. Any ideas/suggestions?

    Cheers,
    patch

  • #2
    Hi,

    Could you please open a Jira issue for this? I'll try to get it reproduced.

    Cheers, Vladi

    Comment


    • #3
      Hi Vladi,

      An issue https://jira.springsource.org/browse/SES-118 was created.

      Cheers, patch

      Comment

      Working...
      X