forked from Uninett/mod_auth_mellon
Invalidating session doesn't work #97
Comments
Are you sure you're not just seeing Single Sign On behaviour from the IdP? That is, the mellon session is indeed invalidated, you are redirected to the IdP again, but this IdP has Single Sign On so you're immediately redirected back to the SP and get a new session? You can confirm this with the SAML Tracer browser plugin.
We have configured Google SAML to perform SSO for our app. Enabled MellonEnabledInvalidateSessionEndpoint On in httpd.conf.
The flow works as expected: when the user clicks on "Logout" from the UI, the user is redirected to
https://my.domain.com:10020/idp-discovery.html?ReturnTo=https://my.domain.com:10020/
However, when the user clicks on "Login" from the above location, they are authenticated and allowed to log in.
mellon-cookie seems to be active, as it's not affected by /mellon/invalidate
Any thoughts?
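The check suggested in the comment (IdP single sign-on versus a session that survived /mellon/invalidate) can be run over a recorded browser trace. The following is an added example, not part of the thread or of mod_auth_mellon: the trace format, the hosts, the `/mellon/postResponse` and `/app` paths, the cookie values and the analyst-set `protected` flag are all assumptions.

```python
from urllib.parse import urlsplit, parse_qs

INVALIDATE = "/mellon/invalidate"  # endpoint path as written in the issue

def entry(url, status, sent=None, set_=None, protected=False):
    # sent/set_: mellon-cookie value the browser sent / the response set
    # protected: analyst marks URLs that require a Mellon session (assumption)
    return dict(url=url, status=status, sent=sent, set=set_, protected=protected)

def classify(trace):
    """Say what followed the invalidate request in a recorded browser trace."""
    idx = next((i for i, e in enumerate(trace)
                if urlsplit(e["url"]).path.endswith(INVALIDATE)), None)
    if idx is None:
        return "no-invalidate-request"
    old = trace[idx]["sent"]
    sp_host = urlsplit(trace[idx]["url"]).netloc
    idp_roundtrip = new_session = False
    for e in trace[idx + 1:]:
        parts = urlsplit(e["url"])
        if parts.netloc != sp_host:
            # AuthnRequest sent to another host: the browser went back to the IdP
            idp_roundtrip |= "SAMLRequest" in parse_qs(parts.query)
            continue
        if e["set"] and e["set"] != old:
            new_session = True
        if (e["protected"] and e["status"] == 200 and old
                and e["sent"] == old and not idp_roundtrip):
            return "session-still-valid"   # old cookie still opens the app
    if idp_roundtrip and new_session:
        return "idp-sso-relogin"           # old session gone, IdP re-issued one
    return "inconclusive"

# Constructed traces (hosts, paths and cookie values are made up).
SSO_RELOGIN = [
    entry("https://sp.example/mellon/invalidate", 302, sent="aaa111"),
    entry("https://sp.example/app", 303, sent="aaa111", protected=True),
    entry("https://idp.example/sso?SAMLRequest=PLACEHOLDER", 302),
    entry("https://sp.example/mellon/postResponse", 303, set_="bbb222"),
    entry("https://sp.example/app", 200, sent="bbb222", protected=True),
]
STALE_SESSION = [
    entry("https://sp.example/mellon/invalidate", 302, sent="aaa111"),
    entry("https://sp.example/app", 200, sent="aaa111", protected=True),
]

if __name__ == "__main__":
    print(classify(SSO_RELOGIN), classify(STALE_SESSION))
```

A result of `idp-sso-relogin` means invalidation worked and the IdP session is what logs the user back in; `session-still-valid` means the old cookie value was still accepted by the SP.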