Single Logout Implementation
Description
Activity
Scott Cantor, November 11, 2015 at 6:47 PM
r7981
After testing and observing the results, I'm going to default the LogoutResponse back to the requesting SP to Success rather than Success + PartialLogout.
The right thing is to somehow delay the response until establishing all the propagation results, but I deferred that work.
Partial success has some nasty effects; in particular, it seems to cause at least one ADFS system I know of to fail to complete the logout, and I observed an unfortunate side effect in the Shibboleth SP such that the SP won't redirect to a relay-state-driven target resource after the logout, which makes application integration harder. So I'd rather default to Success, given that when this happens, the SP's UI isn't visible anyway; we're doing this in a hidden iframe.
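The difference between the two responses discussed in the comment above, shown as an added example that is not part of the original comments or of the Shibboleth code base: a receiver-side classifier that separates a plain Success from Success with a nested PartialLogout code. The function name, the sample messages and their ID values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

P = "urn:oasis:names:tc:SAML:2.0:protocol"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
PARTIAL = "urn:oasis:names:tc:SAML:2.0:status:PartialLogout"
RESPONDER = "urn:oasis:names:tc:SAML:2.0:status:Responder"

def sample_response(status_xml):
    # Constructed message; the ID and InResponseTo values are placeholders.
    return ('<samlp:LogoutResponse xmlns:samlp="%s" ID="_constructed-1" '
            'InResponseTo="_constructed-0" Version="2.0" '
            'IssueInstant="2015-11-11T18:47:00Z"><samlp:Status>%s'
            '</samlp:Status></samlp:LogoutResponse>' % (P, status_xml))

PLAIN_SUCCESS = sample_response('<samlp:StatusCode Value="%s"/>' % SUCCESS)
SUCCESS_PARTIAL = sample_response(
    '<samlp:StatusCode Value="%s"><samlp:StatusCode Value="%s"/>'
    '</samlp:StatusCode>' % (SUCCESS, PARTIAL))
RESPONDER_ERROR = sample_response('<samlp:StatusCode Value="%s"/>' % RESPONDER)

def classify_logout_response(xml_text):
    """Return 'complete', 'partial', 'failed' or 'malformed'.

    Signature, issuer and InResponseTo checks are out of scope here; a real
    receiver does those first and parses with a hardened XML parser.
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return "malformed"
    if root.tag != "{%s}LogoutResponse" % P:
        return "malformed"
    top = root.find("{%s}Status/{%s}StatusCode" % (P, P))
    if top is None or not top.get("Value"):
        return "malformed"
    # Second-level codes are StatusCode elements nested inside the top one.
    nested = [c.get("Value") for c in top.iter("{%s}StatusCode" % P)
              if c is not top]
    if PARTIAL in nested:
        return "partial"      # some session participants did not confirm
    return "complete" if top.get("Value") == SUCCESS else "failed"

if __name__ == "__main__":
    for name in ("PLAIN_SUCCESS", "SUCCESS_PARTIAL", "RESPONDER_ERROR"):
        print(name, "->", classify_logout_response(globals()[name]))
```

With the default described in the comment, the IdP sends plain Success before the propagation results are established, so "complete" here reflects only the status code the IdP chose to send.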
Scott Cantor, November 10, 2015 at 4:11 PM
r7979
logout.css added
Marvin Addison, November 10, 2015 at 2:07 PM
+1 on putting those two CSS classes in logout.css. I should have done that from the beginning.
Scott Cantor, November 10, 2015 at 4:16 AM
Possible thought: should we move the two CSS additions to a separate logout.css file to make the upgrade simpler?
Scott Cantor, November 10, 2015 at 3:29 AM
Mostly just working through the issues involved in enabling this on an upgrade, but apart from the artifact issue I identified and patched around, the mechanical aspect of the logout protocol is working with our shibboleth.net SP(s).
Of course, that != logout working. The application issues here with just these two apps border on insurmountable, which is not a big surprise.
Top level task for SAML 2 logout profile.
Estimate added as placeholder.