SSO re-login failure when global logout is disabled
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Evergreen |
Fix Released
|
High
|
Unassigned | ||
3.8 |
Fix Released
|
High
|
Unassigned |
Bug Description
Evergreen version: 3.9+ (probably 3.7+, but not reported)
When using Shibboleth for SSO, and global logout is disabled, logging in after logout on the same computer can fail with a 404-Not Found. The problem is that we need to ignore our local "don't trust Shibboleth login" cookie in this situation.
This change also means we need to delegate SP logout, in addition to possible IdP and/or global logout, to the Shibboleth configuration. Therefore we always redirect to the Shibboleth logout service on Evergreen logout (when Shibboleth SSO is enabled), and SP, IdP, and global logout is configured and mediated by the Shibboleth and IdP configuration.
See https:/
Branch forthcoming...
tags: | added: signedoff |
Changed in evergreen: | |
milestone: | none → 3.9.1 |
Changed in evergreen: | |
status: | Fix Committed → Fix Released |
Fix available at the top of https:/ /git.evergreen- ils.org/ ?p=working/ Evergreen. git;a=shortlog; h=refs/ heads/user/ miker/lp- 1989209- sso-logout- fix