From: Sander A. <sa....@fz...> - 2021-12-01 10:08:13
Hi Krzysztof,

In the past we did not support/use SLO because most users did not want to be logged out of all services if they log out from one. This opinion is changing, especially among the users who are managers.

We did not change any attributes from the default Unity config. Can you give us a hint which attributes must be configured to perform SLO? Of course we must configure the SLO endpoints of the accepted SPs. The SLO endpoints from the upstream IdPs should be fetched from the metadata file, if they are provided within. Is this assumption correct?

Besides this, do we only need to configure

- unity.saml.requester.sloPath=/SLO-WEB
- unity.saml.requester.sloRealm=defaultRealm

I guess unityServer.core.logoutMode is only for clicking on the logout button on Unity. But also here we recognized that using the default value internalAndSyncPeers doesn't log you out from the IdP. But maybe this is also not working because we did not enable SLO.

Best regards,
Sander

--
Federated Systems and Data
Juelich Supercomputing Centre
phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...

-----------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Registered office: Juelich
Registered in the commercial register of the Dueren district court, No. HR B 3498
Chairman of the Supervisory Board: MinDir Volker Rieke
Board of Directors: Prof. Dr.-Ing. Wolfgang Marquardt (Chairman), Karsten Beneke (Vice-Chairman), Prof. Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior
-----------------------------------------------------------------------