Single Log Out problem


I’m using Indico v 2.x on CentOS 7.5 configured on Apache as described in the official docs.

I’ve configured Shibboleth to use SSO, and it works just fine, but I also want to use single logout - logging out of my Indico instance should log the user out of all other services used with those credentials.

The problem that I’m facing is that once I hit the “logout” button in Indico, I get a notification that I successfully logged out via my “logout_uri”, and once I try to use services other than Indico, they require me to log in again (which means that logout works correctly). But when I hit login on Indico in the same web browser session, I get logged in without entering any credentials (despite the fact that I’m logged out from IdP/SSO).
My question is: is Indico storing login data somewhere (cookie?), and how can I prevent Indico from logging the user in without a password while the user is logged out from SSO?

Thanks in advance.

During a logout we clear the session (so you are always logged out from indico) and, in case of Shibboleth, redirect you to the logout_uri configured in the shibboleth auth provider config in indico.conf.

If clicking “login” in indico immediately logs you in that sounds like a problem with your Shibboleth setup - all we do when clicking “Login” with Shibboleth is redirecting you to the callback_uri configured for Shibboleth (where then mod_shibboleth takes over).

I was not precise, excuse me.
Actually I have to click “Login” then “SSO”, and from the SSO point I’m no longer redirected to the login website but I get logged in immediately. If I reload my web browser then it redirects me correctly to the SSO login page.

Just discovered - after some time (will check later how much it takes) it redirected me to sso login page. Something must store login data for a bit of time… I’ll check it later.