I am a little confused about the Logout URL I need to supply to an
_external_service_provider__(in this case a Shibboleth SP). What we
want is for the user to remain logged in to Access Manager when they log
out of the external site so that if they go to one of our own protected
web sites they do not have to sign on again. The Novell TID for
integrating Google Apps suggests using
https://idepedir.dmu.ac.uk/nidp/saml2/slo_return (I have used our own
Identity Provider URL). The TID says this signs them out of the IDP and
the AG which we do not want. So, we configured the logout URL to be
https://idpedir.dmu.ac.uk/nidp/images/dmu/logout.jsp which will redirect
to https://esp.dmu.ac.uk:443/AGLogout only if the button "Logout of
Single Sign-On is selected", otherwise the user should stay
authenticated. However, if the user selects to stay authenticated
he/she is asked to authenticate again when he/she goes to a protected
site (same contract). It looks like the user is logged out regardless.
I am a bit confused - am I doing something wrong or is it that I do not
understand what I am doing?
Any advice welcome.
Steve Tennant

sttennant's Profile: https://forums.netiq.com/member.php?userid=389
View this thread: https://forums.netiq.com/showthread.php?t=49012