In a federated SAML2 SSO environment, logging out of an application can be a complex problem based on all the SAML2 Service Providers and Identity Providers participating in a users SSO session.
SAML2 attempted to provide a standard for Single Logout (SLO), but it was never adopted by the SAML2 community due to the complex configuration required by Service and Identity Providers, and the large number of network hops required to carry out SLO across the federation. Because of these issues, all major SAML2 identity providers including Shibboleth, PortalGuard and Ellucian provide proprietary SLO endpoints that greatly simplify the logout process.
CCC's Single Logout solution leverages the SSO proxy and the proprietary SSO endpoints of the College Identity Providers to achieve single logout.
In a non-federated suite of applications where the applications and authentication mechanism is controlled by a single institution, logout is a simple requirement to implement.
...