Main Nav

Message from rich.stevenson@umuc.edu

We have implemented Shibboleth IdP (I believe we are on 2.3.4) using CAS as the authentication provider and are exploring what our options are for SLO. I've read through the extensive discussions on the Shib-Users list about WHY single logout isn't supported today, that it is on the product roadmap, and that it is as much an application/service provider issue as a Shibboleth issue (e.g., Google Apps doesn't support the SAML SLO functionality). Given all that, my institution is confronting this problem and is interested in HOW other Shibboleth institutions are handling this. So if you have Shibboleth deployed, particularly in conjunction with CAS, what technical or procedural workaround have you implemented to handle the issue? Most of the comments seem to suggest that people are using a combination of training and user messaging (landing on a page telling a user who clicks a "logout" button to close their browser, etc.). If you've come up with a more elegant solution, please post to the group or contact me off list. This would seem to be a growing problem given the movement of more and more services to SaaS/cloud. We are implementing cloud CRM, and have already implemented cloud email (Gmail) and cloud web meeting (WebEx), and the idea of a session staying potentially active on a public computer doesn't sit well with our security team. Thanks, Rich -- Richmond Stevenson Assistant Vice President, Enterprise Architecture and Strategy University of Maryland University College 3501 University Blvd. East Admin Bldg 1254 Adelphi, MD 20783 (301) 985-7045 rich.stevenson@umuc.edu ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.