Overview#Single Logout is a Logout Process where Logging Out causes the End-User to be Logged Out of all Identity Provider (IDP)s
Single Logout and Single Sign-On#Single Sign-On (SSO) systems enable users to authenticate themselves to multiple online services with one authentication credential and mechanism offered by an Identity Provider (IDP). The Single Sign-On topic is widely studied and many solutions exist. However, Logging Out of a service using Single Sign-On has received less attention.
Single Logout Problems:
- End-User may not know the status of Logging Out
- Architecture knowledge of Single Sign-On is required to understand Logging Out
- Does the user want to log out from a single Service Provider or from all Service Providers?
- Implementation problems in Service Provider side
- If Either Identity Provider (IDP)’s own session or Service Provider’s session is left behind – either one could be enough to let user back in
- Cookie and Token management (Authentication cookie, Access Token)
- If user really want to log out, they probably need to close the web browser