SSO restricting complete logout
Our students and faculty connect via SSO - In our lab space on public machines, when students sign in, they cannot fully log out when they use the log-out feature. Another student logging on to Brightspace from the same machine will be brought to the prior user's account. The only way to correct this is to log off the browser or fully clean the cache. This is problematic in our simulation center when our students need to use two browser-based applications at once. Using Incognito or a different browser type does not fix the problem. Since this is a simulation lab, there is a short window of time between students, and killing both programs just to clear the cache is not sustainable. Is there a fix for this issue? I saw a similar writeup here from 2020
Answers
-
Hi clilly.c,
By default, the Brightspace logout action ends the Brightspace session only and sends the user to the value specified in the OrgLoginPath configuration variable. Typically this is the Identity Provider (SSO) sign-in URL.
You can specify a logout redirect URL which overrides this behaviour to ensure that the user isn't simply signed back in. This URL can be any URL. Some clients redirect the user to a page notifying them to close all open browsers.
If available, you can configure the logout redirect URL to your institutions IdP logout URL if the IdP has one available (these exist for ADFS, Azure, Okta, and possibly others).Also important to note that our implementation of SAML does not support Single Logout (SLO).
If you need any assistance with any of the above please open a case with the D2L Support team who can assist you in making the changes.
Hope this helps!
