|
|
|
The single logout (SLO) profile allows near-simultaneous logout of all sessions provided by a specific session authority and associated with a particular user. The logout is directly initiated by the user. A session authority is the authenticating entity that has initially authenticated the user. In most cases, the session authority is the Identity Provider.
The benefit to configuring single logout is that it ensures no sessions are left open for unauthorized users to gain access to resources at the Service Provider.
The single logout service can be initiated via user's browser from a link at the Service Provider or at the Identity Provider. When a user wants to logout, he clicks the logout link which points to an SLO servlet. This servlet, which is a component of Federation Web Services, processes logout requests and response coming from a Service Provider or Identity Provider; however, the servlet does not need to know the originator of the request or response. It uses the SiteMinder session cookie to determine the session to log out.
| Copyright © 2010 CA. All rights reserved. | Email CA about this topic |