Dspace 7.6.1 Shibboleth logout is no complete logout
46 views
Skip to first unread message
Matthias Letsch
Apr 16, 2024, 8:58:50 AM4/16/24
to DSpace Technical Support
Hello there,
when logging out, the Shibboleth sessions seem to be not deleted correctly. If you go to Log in again after logging out, you do not have to log in to the IdP again. If a login attempt is made in the same browser session with a different authentication method, e.g. email + password, after logging out, the previous user logs in again via Shibboleth instead of the new one. The logout process therefore only seems to delete the sessions of the application itself and not those of shibboleth.
Is this a normal/desirable behavior? Is there a way to configure DSpace so that the shibboleth session is closed for good or that you land on an existing local logout link of the identity provider after logout?
Is this a normal/desirable behavior? Is there a way to configure DSpace so that the shibboleth session is closed for good or that you land on an existing local logout link of the identity provider after logout?
Thank you and kind regards
Matthias
Matthias
DSpace Technical Support
Apr 23, 2024, 4:07:55 PM4/23/24
to DSpace Technical Support
Hi Matthias,
This is a bug that is logged here: https://github.com/DSpace/DSpace/issues/8475 It is still waiting on a volunteer developer to help us solve the issue.
One workaround is to ensure your PasswordAuthentication is listed *before* your ShibAuthentication in your configuration. See this comment: https://github.com/DSpace/DSpace/issues/8475#issuecomment-1693015102
Tim
Reply all
Reply to author
Forward
0 new messages