|
|
|
The single logout (SLO) profile allows near-simultaneous logout of all sessions provided by a specific session authority and associated with a particular user. The user initiates the logout directly. A session authority is the authenticating entity that has initially authenticated the user. In most cases, the session authority is the Identity Provider.
Single logout helps ensure that no sessions are left open for unauthorized users to gain access to resources at the Service Provider.
The user can initiate single logout service from a browser by clicking a link at the Service Provider or at the Identity Provider. The user clicks the logout link which points to an SLO servlet. This servlet, which is a component of Federation Web Services, processes logout requests and responses coming from a Service Provider or Identity Provider. The servlet does not need to know the originator of the request or response. The servlet uses the SOA Security Manager session cookie to determine the session to log out.
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |