Overview#

Single Logout is a Logout Process where Logging Out causes the End-User to be Logged Out of all Identity Provider (IDP)s

Single Logout and Single Sign-On#

Single Sign-On (SSO) systems enable users to authenticate themselves to multiple online services with one authentication credential and mechanism offered by an Identity Provider (IDP). The Single Sign-On topic is widely studied and many solutions exist. However, Logging Out of a service using Single Sign-On has received less attention.

Single Logout Problems:

• End-User may not know the status of Logging Out
• Architecture knowledge of Single Sign-On is required to understand Logging Out
• Does the user want to log out from a single Service Provider or from all Service Providers?
• Implementation problems in Service Provider side
• If Either Identity Provider (IDP)’s own session or Service Provider’s session is left behind – either one could be enough to let user back in
• Cookie and Token management (Authentication cookie, Access Token)
• If user really want to log out, they probably need to close the web browser

Single Logout SAML#

Single Logout in SAML is defined by the Single Logout Profile

More Information#

There might be more information for this subject on one of the following:

• Logging Out
• Logout Mechanism