In a non-federated suite of applications, where the applications and the authentication mechanism are controlled by a single institution, logout is a simple requirement to implement.

In a federated SSO scenario, to implement logout functionality, the following must be answered:

  • Will the user be using a shared workstation/kiosk, where it is especially important that a previous user's session not be accessible to a new user?
  • At which college/district IDP did the user authenticate?
  • If a user is logged into multiple applications, does logging out of one application mean the user should be logged out of all applications? For example, if the user is logged into MyPath and Canvas, does logging out of MyPath also mean the user should be logged out of Canvas?


The following article has a good explanation of the issues associated with logout in a federated environment.



For applications developed by the CCC Technology Center and its development partners, clicking the logout link in the application will result in:

  • The application containing the logout link (and SSO session if separate) terminating.
  • All other Technology Center applications (and SSO session if separate) terminating.
  • The IDP (Proxy?) session terminating.
  • A final page instructing the user to close the browser.




Reference

https://wiki.shibboleth.net/confluence/display/CONCEPT/SLOIssues

http://xacmlinfo.org/2013/06/28/how-saml2-single-logout-works/

https://www.portalguard.com/blog/2016/06/20/saml-single-logout-need-to-know/

