Jonathan can you please give us an update on this ? It's not really secure to implement Shibboleth login if logging out from Seafile does not log you out from the SP. An implicit login when logged out but still having a Shibboleth session open is keeping us away to implement single sign on. It would be a great help if you can take this into consideration.
Of course we could just ping /Shibboleth.sso/Logout in the Seahub logout page, but will be kind of an improper hack, and also not officially supported.
That's what is needed for a SingleLogout action (This is PHP code, just as an example)
* @Route("/logout", name="lightsaml_sp.logout")
public function logoutAction()
$logoutRequest = new LogoutRequest();
$destination = $this->getParameter('sp_location'). "/SLO/POST";
// Get credential to for Logout signature
$credentialStore = $this->get('lightsaml.own.credential_store');
$credentialArray = $credentialStore->getByEntityId('https://sso.local/metadata');
$credential = $credentialArray;
$ownSignature = new SignatureWriter($credential->getCertificate(), $credential->getPrivateKey());
//the parameter "saml.entity_id" must contain your Service Provider ID
$serializationContext = new SerializationContext();
$XMLrequest = $serializationContext->getDocument()->saveXML();
$reponse = new SamlPostResponse($destination, ['SAMLRequest' => base64_encode($XMLrequest)]);
That's a proper Logout setting the NameID of the logged out user. Another simple way if local Logout is implemented is to send a request to Shibboleth.sso/Logout but I bet in most good configured SPs that is not possible.