I’m using Indico v 2.x on CentOS 7.5 configured on Apache as descibed in official docs.
I’ve configured Shibboleth to use SSO, and it works just fine, but I also want to use single logout - logout of my indico instace should logout user from all other services used with that credentials.
The problem that I’m facing is that once i hit “logout” button in Indico, I get notification that I successfully logged out via my “logout_uri”, and once I try to use other services than Indico it requires to login again (which means that logout works correctly). But when I hit the login on Indico in the same web browser session, I get logged in without passing any credentials (despite the fact that I’m logged out from IdP/sso).
My question is: is Indico storing somwhere login data (cookie?) and how to prevent indico from passwordless logging while user is logged out from SSO?
Thanks in advance.