1 260
szerkesztés
Módosítások
→Service Providers: updated SP versions
{{STOP|For more complete description please go and see [[Single Logout in Shibboleth IdP|how Single Logout is implemented]] in Shibboleth IdP.}}
To demonstrate the features we have prepared a [https://www.aai.niif.hu/SLODemo/sloDemo.php demo application]. The main purpose of the demo is to test the UI and various error conditions.
== Preparing ==
* [https://idp.niif.hu/slotest-metadata.xml Metadata] (unsigned)
=== SP1: (Not-so) Old Release ===
{{SLODemoSP
| software=Shibboleth 2.2.1 (Debianbackports)
| front=supported
| back=not workingsupported| notes=Back-channel This was a 2.1 SP which used to report partial logout returns on backchannel. Now it'Partial logout' due to a [https://bugs.internet2s working OK.edu/jira/browse/SSPCPP-223 bug]
}}
=== SP2: Bright Shining Star ===
{{SLODemoSP
| software=Shibboleth 2.2+ source build.1 (Debian SID)
| front=supported
| back=supported
=== SP4: Use The Backdoor, Please! ===
{{SLODemoSP
| software=Shibboleth 2.2+ source build.1 (Debian SID)
| front=not supported
| back=supported
=== SP5: Old Slowhand ===
{{SLODemoSP
| software=Shibboleth 2.2.1 (Debianbackports)
| front=not working (times out)
| back=not working (times out)
=== SP6: Shibboleth Neanderthalensis ===
{{SLODemoSP
| software=Shib 1.3 (IRL: Shibboleth 2.2.1Debian backports)
| front=not supported
| back=not supported
=== SP7: Good Guy Speaking Ancient Greek ===
{{SLODemoSP
| software=Shibboleth 2.2+ .1 (DebianSID)
| front=supported
| back=supported
=== SP8: Blitzkrieg ===
{{SLODemoSP
| software=Shibboleth 2.2+ .1 (sourceDebian SID)
| front=not working (if timed out)
| back=not working (if timed out)
| notes=This is a special SP that has a very short session lifetime (30 sec). If you hit the logout button within 30 sec, it should work but it should fail afterwards, because the principal is no longer known to the SP.
}}
=== SP9: Knight Without Armour ===
{{SLODemoSP
| software=Shibboleth 2.2.1 (Debian SID)
| front=supported
| back=supported
| notes=This SP only supports HTTP for both SSO and SLO. Presumably, it would not work if the SSO was using HTTPS (not checked).
}}
=== Start over ===
On page refresh you can start it over. If you are not asked for password by the IdP, it means that your IdP session was not cleared properly, therefore the logout is failed.
=== How to get your SP involved ===
# Configure the SP as you wish
#* '''Don't forget to set <code>signing="true"</code> or <code>signing="false"</code>''', as described in the [[Single_Logout_in_Shibboleth_IdP#Non-trivial_settings | SLO documentation]]
# Configure the target application (or the page which is served on homeURL) to redirect to <code>https://www.aai.niif.hu/SLODemo/sloDemoLoginRedirect.php</code>.
# Send SP details to '''aai _at_ niif _dot_ hu'''
#* Metadata
#* SessionInitiator URL
#* Optionally:
#** Front-channel logout initiator (if there's any)
#** Back-channel logout initiator (if there's any)
#** SP software & version
#** Session handler (attribute viewer) URL
#** Short description of what to test
#** A funny name, of course ;)
# Configure your SP to trust [https://idp.niif.hu/slotest-metadata.xml slotest metadata] (this will contain your SP metadata as well).
# Please inform us when your test SP is no longer functioning
==== Setting up a back-channel only LogoutInitiator ====
See [https://bugs.internet2.edu/jira/browse/SSPCPP-230 this Jira entry] for background. If you have a pre-2.2.1 SP, you should use:
<source lang="xml">
<LogoutInitiator type="Chaining" Location="/BackChannelLogout" relayState="cookie">
<LogoutInitiator type="SAML2" outgoingBindings=" " />
<LogoutInitiator type="Local"/>
</LogoutInitiator>
</source>
== Expected results ==
