|
|
|
Ensuring that a user is completely logged out of all sessions ensures security. Signout is the process of a user being logged out of all of his user sessions associated with the browser that initiated the logout.
Signout is triggered by a user-initiated logout and is implemented using a Signout Servlet at Account Partner and Resource Partner sites. A user initiates a signout request from an Account Partner or a Resource Partner by clicking a link pointing to the respective signout servlet that then triggers the signout process.
Be aware that signout does not necessarily end all sessions for a user. For example, if the user has two browsers open, that user can establish two independent sessions. Only the session for the browser that initiates the signout is terminated at all federated sites for that session. The session in the other browser is still active.
Note: SiteMinder only supports the WS-Federation Passive Request profile for signout.
By configuring the settings on the Signout tab, you are informing the Account Partner whether the Resource Partner supports signout, and if so, how signout is handled.
If you enable signout, you must also:
| Copyright © 2010 CA. All rights reserved. | Email CA about this topic |