Tags: azure, iis, shibboleth, shibboleth-sp

Shibboleth SP logout does not redirect to my correct server URL


I have recently configured Shibboleth Service Provider for my IIS web server and Microsoft Azure. The authentication works like a charm but I do have some problems getting Azure or Shibboleth to redirect to my correct local logout page.

To be honest then I am not 100% sure how the logout mechanism works but from my web page I am calling this logout:

https://my.webserver.xyz/Shibboleth.sso/Logout

This will in fact log me off from Azure on my application but my problem is that it will show this standard Shibboleth logout page after logoff:

Local Logout
Status of Local Logout: Logout completed successfully.
You MUST close your browser to complete the logout process.

But I want it to redirect to https://my.webserver.xyz/loggedout/ instead of this standard information. After some more troubleshooting I found that I could add a URL return parameter like this:

https://my.webserver.xyz/Shibboleth.sso/Logout?return=https://my.webserver.xyz/loggedout/

But this gives the exact same local HTML file from Shibboleth.

I know that I can change the local Shibboleth /etc/localLogout.html file to redirect to my logout URL:

<html>
<head>
<meta http-equiv="Refresh" content="0; url='https://my.webserver.xyz/loggedout/'" />
</head>
</html>

But this seems to be a bad and cumbersome method, so surely I am missing some details here. I am using Shibboleth v3.1.0.1 with IIS and PHP, if this is relevant.

Can anyone point me in a direction on how I can navigate directly to my logout page?


Solution

  • I will answer the question myself as there have been no other solutions proposed and this seems to work for me.

    I have found the problem with this as it seemed to be myself being too impatient ;-) I think I may have tested the logout functionality too soon after the configuration changes in Azure as Azure needs some time before the changes get effectuated.

    I have now found out that when I have this Logout URL configured in Azure https://my.webserver.xyz/Shibboleth.sso/Logout then it redirects me back to the above standard Shibboleth /etc/localLogout.html logout page.

    When I configure the Azure Logout URL to be https://my.webserver.xyz/Shibboleth.sso/Logout?return=https://my.webserver.xyz/loggedout/ then it actually will redirect directly back to this page from Azure.

    It is not required to redirect back to the same URL as the one configured in Azure - you can just have a link on your web page like this https://my.webserver.xyz/Shibboleth.sso/Logout?return=https://my.webserver.xyz/test-123/ and it will redirect back to this after logout.

    Moral here - be a little more patient and allow for some Azure synchronization time before rushing out and doing a lot of configuration changes :-)
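
The return parameter used in the answer above is read from the query string, and the Shibboleth SP setting redirectLimit on the Sessions element decides which targets the handlers are willing to redirect to. The fragment below is an added example, not part of the original post: the other attribute values are assumed typical defaults, and portal.example.org is a constructed host.

```xml
<!-- shibboleth2.xml, Sessions element inside ApplicationDefaults (added example). -->
<!-- Assumed: lifetime, timeout, relayState, checkAddress, handlerSSL and
     cookieProps are typical stock values; keep whatever your file already has. -->

<!-- Permissive form: redirectLimit is not set, which is the same as "none".
     The Logout handler then redirects to any URL supplied in ?return=. -->
<!--
<Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
          checkAddress="false" handlerSSL="true" cookieProps="https">
-->

<!-- Restricted form: "exact" only honours return URLs whose scheme, host and
     port match the request, so
       /Shibboleth.sso/Logout?return=https://my.webserver.xyz/loggedout/
     keeps working, while a return URL on another host is refused. -->
<Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
          checkAddress="false" handlerSSL="true" cookieProps="https"
          redirectLimit="exact">

    <!-- Existing SSO element and other handlers stay unchanged here. -->
    <Logout>SAML2 Local</Logout>
</Sessions>

<!-- If logout must land on a second site, list it explicitly instead of
     loosening the limit (constructed host):
       redirectLimit="exact+allow"
       redirectAllow="https://portal.example.org/"
     redirectAllow is a whitespace-separated list of allowed URL prefixes. -->
```

Restart the Shibboleth daemon and recycle the IIS application pool after editing the file so the new Sessions settings are loaded.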