SLODemo
A lap korábbi változatát látod, amilyen Bajnokk(AT)niif.hu (vitalap | szerkesztései) 2009. augusztus 12., 16:25-kor történt szerkesztése után volt. (→SP4: Backdoor, Please!)
Tartalomjegyzék
Preparing
- Metadata (unsigned)
- IdP: Based on Adam's Git repository
 |
Note
This version is still unreleased. You can grab a snapshot from the Git repository by selecting the latest commit and clicking on thesnapshot link |
Service Providers
SP1: (Not-so) Old Release
| SP software | Shibboleth 2.1 (Debian) |
| Front channel logout | supported |
| Back channel logout | not working |
| Notes | Back-channel logout returns 'Partial logout' due to a bug |
SP2: Bright Shining Star
| SP software | Shibboleth 2.2+ source build |
| Front channel logout | supported |
| Back channel logout | supported |
| Notes | Both front- and back-channel logout should work properly |
SP3: The Pretender
| SP software | SimpleSAMLphp SAML2 SP |
| Front channel logout | supported |
| Back channel logout | not supported |
| Notes | SimpleSAMLphp does not support back-channel bindings, therefore the metadata does not contain it |
SP4: Use The Backdoor, Please!
| SP software | Shibboleth 2.2+ source build |
| Front channel logout | not supported |
| Back channel logout | supported |
| Notes | The metadata of this SP does not contain front-channel bindings for logout |
SP5: Old Slowhand
| SP software | Shibboleth 2.1 (Debian) |
| Front channel logout | not working (times out) |
| Back channel logout | not working (times out) |
| Notes | Metadata points to a fake logout service that is not answering in time |
SP6: Shibboleth Neanderthalensis
| SP software | Shib 1.3 (IRL: Shibboleth 2.1) |
| Front channel logout | not supported |
| Back channel logout | not supported |
| Notes | The metadata of this SP does not contain any logout services, just like a normal Shib1.3 SP |
SP7: Good Guy Speaking Ancient Greek
| SP software | Shibboleth 2.2+ (Debian) |
| Front channel logout | supported |
| Back channel logout | supported |
| Notes | This is a 2.x SP but it uses Shibboleth 1.3 SSO protocol. I'd expected a logout failure because of the Shibboleth-specific NameID format, however it turned out working. |
SP8: Blitzkrieg
| SP software | Shibboleth 2.2+ (source) |
| Front channel logout | not working (if timed out) |
| Back channel logout | not working (if timed out) |
| Notes | This is a special SP that has a very short session lifetime (30 sec). If you hit the logout button within 30 sec, it should work but it should fail afterwards, because the principal is no longer known to the SP. |
Expected results
SAML2
Single Logout profile is for SAML2 only. Therefore SP6 (Neanderthalensis) and SP7 (Ancient Greek) will always fail.
The same applies for SP5 (Old Slowhand) if the Logout request is not initiated by it.
Front-channel, back-channel
The IdP can fallback to back-channel, if the logout is front-channel and the SP software does support only back-channel bindings. Not the other way, because front-channel bindings need the information held in browser cookies.
