NetID Login Service - Configuring Logout

Configuring Logout

No Single Logout

Single Logout in the context of the UW NetID Login Service would be the action of clicking a Logout link or button that would cause the user to be logged out of all NetID Login-protected applications at once.  Currently, Single Logout is not possible in the UW NetID Login Service.  There are many reasons for this, and if you're interested in details this document provides a good overview.

The only complete NetID logout is closing the browser and clearing all session cookies, which is the end user's responsibility.  End users can review instructions on clearing cookies and making sure their browser is safely configured here: NetID Login Service - Logout Procedure.

Logout of individual applications

Application developers can use the central NetID logout page (https://login.wisc.edu/logout) as a way of requiring users to sign back in with their NetID in order to:

1. return to the most recently used NetID-protected web application or
2. access any NetID-protected resources not previously visited during that browsing session

When the user clicks a link to the NetID logout page, their session on the login server will be cleared.  However, the central logout page will not log the user out of other NetID-protected resources they've already signed into during the current browsing session (e.g. other tabs in the same browser). Those resources will remain available without the need to sign in again until the user closes the browser and clears the session cookies.

In Shibboleth, redirection to the central logout page can be done by using the Logout property of the Shibboleth handler to perform a Local Logout and attaching a return value that redirects the user to the UW NetID Login Service logout page.

Here's a sample logout link for the application example.dept.wisc.edu:

<a href="https://example.dept.wisc.edu/Shibboleth.sso/Logout?return=https://login.wisc.edu/logout">Logout</a>

See Also:

• NetID Login Service - Logout Procedure