This document describes the Library's Shibboleth Logout strategy.
Most web applications have a concept of "logout", i.e., if a user logs into an application, the user is given the opportunity to log out. The applications which the Library supports all offer a "logout" (or something semantically similar) link for a user who is currently logged in. It is out intention to keep the logout functionality, even after moving to Shibboleth.
Shibboleth does not support global logout, so this is the only sentence that is going to mention it.
There are two locations where logout happens with Shibboleth (three if counting the application, but for the case of Shibboleth itself, only two):
- Service Provider
- Identity Provider
For the Service Provider (SP) logout, if using
shibd, the following should be done:
- Redirect the browser to
- Alter the following pages to look like the HTML below:
Note: Change d5n1 to dp if this is a production installation.