Shibboleth, Logging out of individual web applications with Shibboleth

Shibboleth's default logout behavior should prevent you from losing work if you log out of one service with information still in progress in another. Here's how it works.

One of Shibboleth’s major benefits for campus users is in reducing the number of times you have to enter your NetID and password. Signing in to Shibboleth means that you can be recognized by all of the services that accept its single sign-on credentials for you.

However, an equivalent single sign-off has the potential to create unintended consequences: If you log out of one system and that one logout disconnected all your Shibboleth sessions, you could lose unsaved work in other browser tabs.

In order to prevent that from happening, the campus standard behavior is to provide “single sign-in and multiple sign-out.” Logging out in one tab doesn’t automatically close you out of the others, although in some cases you may be prompted for another login.

How does single sign-in and multiple sign-out work?

If you’ve signed up for both Google Apps at Illinois and Box, you can see how it works as follows:

  1. In one browser tab, go to uofi.box.com.
    (If you’re not already logged in, you’ll have a Shibboleth prompt at this point.)

  2. In another tab of the same browser, go to docs.g.illinois.edu.
    (Because you already logged in to Box in the same browser, Google Apps at Illinois will also recognize you, and will take you to your drive’s inbox.)

  3. In the Google Apps tab, start a new Google Doc as a test file.
    (You’ll now have three tabs open – one Box and two Google Apps.)

  4. In the Box tab, click on your name, then select Logout.
    (Box will show you a logged-out window with a login button. However, Google Apps and the test doc will still be open.)

  5. In either of the Google Apps tabs, click into a different folder or make more edits to your Google Doc.
    (You’re still logged in and haven’t lost access to your work.)

Close the browser to log out of everything

Sometimes you want to log out of all your sessions at the same time, especially if you’ve been using a computer lab or another person’s computer.

If your browser isn’t set to remember your sessions across browser restarts, then closing the web browser (all tabs and all windows) will log you out of all your sessions.

However, if your browser is set to remember your sessions across restarts, then you’ll need to log out of each Shibboleth-authorized window separately.




Keywords: Shibboleth, single sign on, IDP logout, SP logout
Doc ID: 58105
Owner: Keith W.
Group: University of Illinois Technology Services
Created: 2015-11-10 15:19 CST
Updated: 2016-12-19 16:10 CST
Sites: University of Illinois Technology Services