In General the implementation of SAML(2) works with the combined efforts of us participating in this thread for different IdP’s.
What remains is as mentioned previously :
- Support for a correct logout on both Check_mk (destroy session/cookie) as application aswell as closing the authentication on the IdP end ( Single Logout (SP-initiated))
- Support for Single Logout (IdP-initiated), as the mod_auth_mellon does advertise SLo-endpoints in its Metadata it is assumed based on this that when a logout is done (IdP-initiated) on whatever IdP-application next to Check_mk one was authenticated you are (fully logged out)logged out.
Do we have a hook somewher in Check_mk which we could use to destroy the session ?