如何从shibboleth注销 [英] How to logout from shibboleth
问题描述
我使用 shibboleth 服务来实现以下目的
Im using shibboleth services inorder to acheive the following
- 用户尝试访问 https://sp.dev.myserver.com/secure 中的受保护资源/
- 重定向到 WAYF
- 选择 idp 并重定向到 IDP 并根据学校的 LDAP 进行身份验证用户名:myuser@gmail.com密码:test
重定向到https://sp.dev.myserver.com/secure/" 并且属性在 SP 的会话中可用.
- User tries to access the secured resource in https://sp.dev.myserver.com/secure/
- redirects to WAYF
- selects idp and redirects to IDP and authenticated against School's LDAP username:myuser@gmail.com password:test
redirects to "https://sp.dev.myserver.com/secure/" and the atttributes are made available in the SP's Session.
PHP测试
<?php
echo '<p>Hello User</p>';
?>
<?php
echo "Given Name: " . $_SERVER["givenName"] . ".<br>";
echo "Email : " . $_SERVER["mail"] . ".";
?>
<a href="https://sp.dev.myserver.com/Shibboleth.sso/Logout">Logout ME</a>
</body>
</html>
我可以在这个 php 页面中显示经过身份验证的用户的详细信息.
I could show the details of the authenticated user in this php page.
现在我添加了一个超链接来执行注销并在其中添加注销 URL
Now i have added a hyper link to perform Sign Out and added the log out url in it
现在,当我点击注销按钮时,它会重定向到 url 并显示以下内容
Now when i hit the logout button it redirects to url and shows the below
我关闭了浏览器并尝试访问 https://sp.dev.myserver.com/secure 但会话没有被破坏,它显示了包含上次登录详细信息的页面.
I closed the browser and tried accessing https://sp.dev.myserver.com/secure but the session was not destroyed and it showed the page with the details from the previous login.
我如何才能正确退出.有人可以帮我解决这个问题吗?
How do i achieve a proper sign out.Can some body help me to fix this ?
PS:如果我想添加更多信息,请告诉我.提前致谢
PS:Please let me know if i want to add more info. Thanks in advance
推荐答案
从前,每当用户关闭浏览器时,所有会话 cookie 都会被删除.然后浏览器开发人员决定在关闭浏览器后保留会话 cookie 会有帮助".请参阅背景信息这里.
Once upon a time, whenever a user closed their browser, all the session cookies were deleted. And then browser developers decided it would be "helpful" to keep the session cookies after closing the browser. See the background information here.
我猜测您的浏览器没有设置为在关闭浏览器时清除会话 cookie.使用背景信息更改您的设置并再次尝试测试.
I'm guessing that your browser is not set in such a way as to clean out session cookies when close your browser. Use the background information to change your settings and try testing again.
由于这破坏了许多 SAML 联盟的关闭浏览器注销"指令(我相信您已经经历过),最初不相信实现 SLO(单点注销)的团体现在支持 SLO.如果学校的 IDP 有 SLO 端点,您可以针对该端点实施注销.请参阅 第 4.4 节了解单点注销规范 (PDF).请注意,端点将在 IDP 元数据中标识为 SingleLogoutService.
Since this busted the "close browser to log out" instruction for many SAML federations (as i believe you have experienced), groups that originally didn't believe in implementing SLO (Single Log Out) now support SLO. If the school's IDP has a SLO endpoint, you can implement log out against that. See Section 4.4 for the Single Log Out spec (PDF). Note the endpoint will be identified in the IDPs metadata as the SingleLogoutService.
这篇关于如何从shibboleth注销的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
