[
https://issues.apache.org/jira/browse/GUACAMOLE-1266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17853486#comment-17853486
]
Nick Couchman commented on GUACAMOLE-1266:
------------------------------------------
[~phuleratribhuwan]: Yes, I can see in your situation, with shared desktop
resources, how this integration would be important.
In the interim you'll likely need to mitigate by either training the users to
log off of the IdP in addition to Guacamole, or by using some sort of
non-persistent browser or user profile configuration that wipes the sessions in
between users.
> Implement SAML Single Logout
> ----------------------------
>
> Key: GUACAMOLE-1266
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1266
> Project: Guacamole
> Issue Type: New Feature
> Components: guacamole
> Reporter: Michael Miklis
> Priority: Minor
>
> The SAML Authentication Extension does not seem to have a logout function
> built in. This will result in a loop. Steps to reproduce:
> * connect to guacamole ULR
> * Automatic redirect to IDP Signin Page happens
> * login via SAML IDP to Guacamole
> * Click Logoff in Guacamole
> * Redirect to Guacamole Start-Page happens
> * Redirect to IDP Signin Page
> * User gets signed in automatically as the session on the IDP is still
> existing
>
> The correct behaviour must be:
> * connect to guacamole ULR
> * Automatic redirect to IDP Signin Page happens
> * login via SAML IDP to Guacamole
> * Click Logoff in Guacamole
> * *Redirecting to configured IDP Logoff URL*
> * *IDP destroys session and redirects to Guacamole start page*
> * Redirect to IDP Signin Page
> * User gets signed in automatically as the session on the IDP is still
> existing
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
