...
CCC's Single Logout solution leverages the SSO Proxy and the proprietary SSO endpoints of the College Identity Providers to achieve single logout.
A nice to have addition is to add a logout endpoint to Mitre OpenID connect to invalidate access and refresh tokens.
| Lucidchart | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...
The user clicks logout in the Service provider (i.e Common Assessment). Since all CCC Services use Spring Security SAML (CWF - Is this a valid assumption?)(PKN For Apps not using spring security, the will have to create custom logout code that accomplished the same thing), logging out in Spring Security will terminate both the SSO and application session. When logout is complete, the user will be directed to the new logout page in the SSO Proxy.
...