SlideShare ist ein Scribd-Unternehmen logo

Single Logout

Andreas Åkre Solberg
Andreas Åkre Solberg

A Presentation on Single Logout

Technologie
1 von 23
Downloaden Sie, um offline zu lesen
Single Log-Out Andreas Åkre Solberg Malaga, June 2009
Sessions On Web • HTTP originally stateless • Using Cookies to keep state • Cookies in RFC2965 • Set a session ID first time user visits, sent back to site for every HTTP request HTTP GET Browser 2 Site Subsequent req. Set-Cookie: ID=23846 Cookie: Browser ID=23846 1 First request
Cookies limited to domains Set-Cookie: ID=123; domain: .site.org Cookie sessions can be on one domain only. WebSSO protocols extend user sessions between domains. Master session IdP Session WebSSO WebSSO Session SP SP
Consequenses of not terminating SSO Logging in to one service, and not terminating the SSO session enables access to a wide range of other services. Users do not understand this. SP WebSSO WebSSO IdP Financial system X. SP Employee salary Extending loan WebSSO WebSSO payment. period of a book at the library. SP SP
Logout What do users do when they want to logout? They: • Click logout, or • close the browser/tab
Close the tab??? Yes, (some) people close the tab to logout. We hired a company to perform usability testing with real-users.
Logout Most federations does not offer any kind of logout. What if we want to provide some kind of logout? What are our options?
Local Logout Can the federations leave logout to the services alone? And they can provide independent local logout? NO! What will SSO do to you, if you click login after having logged out locally?
Local + IdP Logout Is this a good idea? SP2 Still active session LogoutRequest IdP 1 SP1 2 SP3 LogoutResponse Still active session SAML 2.0 provides protocol Active session element to distribute logout Deactivated session among entities.
Local + IdP Logout Boundaries between SPs is washed-out with SSO. The user can never know exactly which services she is logged into (because SSO is transparent). Therefore local + IdP logout is a «no go»! MyPortal.com Service foo SP1 IdP Service bar SP2
Single Logout - as in SAML 2.0 Single Logout Profile LogoutRequest SP2 2 3 LogoutResponse LogoutRequest IdP 1 SP1 6 4 LogoutRequest LogoutResponse LogoutResponse 5 SP3 Logout is fully propagated to all services that share a session...
Single Logout Usability There is no way to get the user to understand what is going on with SLO, without being extremely clear and excplicit. Because users generally do not understand fully SSO, there is no common intuitive understanding of what SLO will do. It differs from user to user. One of the things we tried: Naming the button 'Global logout' is not making it any easier for the user.
Single Logout Back-Out Users that are in the middle of an important transaction at SP2, will not like if it is interrupted when they logout from SP1. - Real-life example: Requirement from an financial system SP The user should be told which servers she is logged on-to, and asked whether she wants to log out from all of them.
Single Logout Bindings Front-channel: • Not robust. SP2 may throw 500 internal error on user logging out from SP1. Back-channel: • Difficult to implement for SPs, because no access to session cookie.
Single Logout Solution Our solution: • We are using front-channel only, not stuck with back-channel complexity. • Solving the robustness problem with hidden iFrames. • Presenting the user with a list of logged in services. • Option to logout local + IdP or globally. • Good feedback to user when things fail.
Single Logout Solution
Single Logout Solution SP1 SP2 SP3 Hidden iFrames sends front-channel LogoutRequests and update logout status with AJAX.
Single Logout Solution LogoutResponse LogoutResponse LogoutResponse IdP LogoutResponse endpoint on IdP updates status up user logout page with AJAX.
Live demo!
iFrame + AJAX Single Logout as provided by ble aila y Av da to
Is anyone using logout? The big question! We have had simpleSAMLphp in production in two months. Is anybody using global logout? Let's take a look at the statistics.
Is anyone using logout? Yes! At a surprising ratio of SLO:SSO at 1:10 Ratio of SSO:SLO varies very much between Service Providers. From 0 to 1:2!
Andreas Åkre Solberg http://rnd.feide.no

Empfohlen

経済学のための実践的データ分析 5.特許データの分析
経済学のための実践的データ分析 5.特許データの分析経済学のための実践的データ分析 5.特許データの分析
経済学のための実践的データ分析 5.特許データの分析Yasushi Hara
 
OpenID ConnectとSCIMの標準化動向
OpenID ConnectとSCIMの標準化動向OpenID ConnectとSCIMの標準化動向
OpenID ConnectとSCIMの標準化動向Tatsuo Kudo
 
Power Apps の導入失敗実例からベストプラクティスを学んでみる(強引)
Power Apps の導入失敗実例からベストプラクティスを学んでみる(強引)Power Apps の導入失敗実例からベストプラクティスを学んでみる(強引)
Power Apps の導入失敗実例からベストプラクティスを学んでみる(強引)Junichi Kodama
 
それは本当にAutomate? 改めて考えるPower Automate
それは本当にAutomate? 改めて考えるPower Automateそれは本当にAutomate? 改めて考えるPower Automate
それは本当にAutomate? 改めて考えるPower AutomateTomoyuki Obi
 
Power BI Admin Features & REST API
Power BI Admin Features & REST APIPower BI Admin Features & REST API
Power BI Admin Features & REST APIHARIHARAN R
 
すしモデリング 20150917
すしモデリング 20150917すしモデリング 20150917
すしモデリング 20150917Iwao Harada
 
Hibernate ORM: Tips, Tricks, and Performance Techniques
Hibernate ORM: Tips, Tricks, and Performance TechniquesHibernate ORM: Tips, Tricks, and Performance Techniques
Hibernate ORM: Tips, Tricks, and Performance TechniquesBrett Meyer
 
Microsoft Project Online 活用ガイド
Microsoft Project Online 活用ガイドMicrosoft Project Online 活用ガイド
Microsoft Project Online 活用ガイドkumo2010
 

Empfohlen

経済学のための実践的データ分析 5.特許データの分析
経済学のための実践的データ分析 5.特許データの分析経済学のための実践的データ分析 5.特許データの分析
経済学のための実践的データ分析 5.特許データの分析Yasushi Hara
 
OpenID ConnectとSCIMの標準化動向
OpenID ConnectとSCIMの標準化動向OpenID ConnectとSCIMの標準化動向
OpenID ConnectとSCIMの標準化動向Tatsuo Kudo
 
Power Apps の導入失敗実例からベストプラクティスを学んでみる(強引)
Power Apps の導入失敗実例からベストプラクティスを学んでみる(強引)Power Apps の導入失敗実例からベストプラクティスを学んでみる(強引)
Power Apps の導入失敗実例からベストプラクティスを学んでみる(強引)Junichi Kodama
 
それは本当にAutomate? 改めて考えるPower Automate
それは本当にAutomate? 改めて考えるPower Automateそれは本当にAutomate? 改めて考えるPower Automate
それは本当にAutomate? 改めて考えるPower AutomateTomoyuki Obi
 
Power BI Admin Features & REST API
Power BI Admin Features & REST APIPower BI Admin Features & REST API
Power BI Admin Features & REST APIHARIHARAN R
 
すしモデリング 20150917
すしモデリング 20150917すしモデリング 20150917
すしモデリング 20150917Iwao Harada
 
Hibernate ORM: Tips, Tricks, and Performance Techniques
Hibernate ORM: Tips, Tricks, and Performance TechniquesHibernate ORM: Tips, Tricks, and Performance Techniques
Hibernate ORM: Tips, Tricks, and Performance TechniquesBrett Meyer
 
Microsoft Project Online 活用ガイド
Microsoft Project Online 活用ガイドMicrosoft Project Online 活用ガイド
Microsoft Project Online 活用ガイドkumo2010
 
datatech-jp Casual Talks#3 データエンジニアを採用するための試行錯誤
datatech-jp Casual Talks#3 データエンジニアを採用するための試行錯誤datatech-jp Casual Talks#3 データエンジニアを採用するための試行錯誤
datatech-jp Casual Talks#3 データエンジニアを採用するための試行錯誤株式会社MonotaRO Tech Team
 
Keycloakの全体像: 基本概念、ユースケース、そして最新の開発動向
Keycloakの全体像: 基本概念、ユースケース、そして最新の開発動向Keycloakの全体像: 基本概念、ユースケース、そして最新の開発動向
Keycloakの全体像: 基本概念、ユースケース、そして最新の開発動向Hitachi, Ltd. OSS Solution Center.
 
第73回 Machine Learning 15minutes ! IBM AI Foundation Modelsへの取り組み
第73回 Machine Learning 15minutes ! IBM AI Foundation Modelsへの取り組み第73回 Machine Learning 15minutes ! IBM AI Foundation Modelsへの取り組み
第73回 Machine Learning 15minutes ! IBM AI Foundation Modelsへの取り組みTsuyoshi Hirayama
 
Confluence と SharePoint 何が違う?
Confluence と SharePoint 何が違う?Confluence と SharePoint 何が違う?
Confluence と SharePoint 何が違う?アトラシアン株式会社
 
ディープラーニングおじさんの話
ディープラーニングおじさんの話ディープラーニングおじさんの話
ディープラーニングおじさんの話karaage0703
 
bottleで始めるWEBアプリの最初の一歩
bottleで始めるWEBアプリの最初の一歩bottleで始めるWEBアプリの最初の一歩
bottleで始めるWEBアプリの最初の一歩Satoshi Yamada
 
Power BI を提案してみた件
Power BI を提案してみた件Power BI を提案してみた件
Power BI を提案してみた件Teruchika Yamada
 
Power BI データフロー 早わかり
Power BI データフロー 早わかりPower BI データフロー 早わかり
Power BI データフロー 早わかりTakeshi Kagata
 
自社で実運用中!Power Apps・Power Automate 活用事例
自社で実運用中!Power Apps・Power Automate 活用事例自社で実運用中!Power Apps・Power Automate 活用事例
自社で実運用中!Power Apps・Power Automate 活用事例Teruchika Yamada
 
Confluence x Brikit Theme Press でスタイリッシュなサイトを最速でデザインする
Confluence x Brikit Theme Press でスタイリッシュなサイトを最速でデザインする Confluence x Brikit Theme Press でスタイリッシュなサイトを最速でデザインする
Confluence x Brikit Theme Press でスタイリッシュなサイトを最速でデザインするAkira Higuchi
 
PRD Template for Product Managers
PRD Template for Product ManagersPRD Template for Product Managers
PRD Template for Product ManagersUjjwal Trivedi
 
AbemaTVにおける推薦システム
AbemaTVにおける推薦システムAbemaTVにおける推薦システム
AbemaTVにおける推薦システムcyberagent
 
SharePoint Online を JavaScript でイジる。
SharePoint Online を JavaScript でイジる。SharePoint Online を JavaScript でイジる。
SharePoint Online を JavaScript でイジる。Hirofumi Ota
 
CREATIVE SURVEY for Salesforce 概要資料
CREATIVE SURVEY for Salesforce 概要資料CREATIVE SURVEY for Salesforce 概要資料
CREATIVE SURVEY for Salesforce 概要資料Kikuchi Takayuki
 
え!?データがオンプレにあるけどPower BI で BI したいの?
え!?データがオンプレにあるけどPower BI で BI したいの?え!?データがオンプレにあるけどPower BI で BI したいの?
え!?データがオンプレにあるけどPower BI で BI したいの?Yugo Shimizu
 
MongoDBアプリの実例
MongoDBアプリの実例MongoDBアプリの実例
MongoDBアプリの実例Kazuyuki Namba
 
業界ごとのデータ分析を支援するIBM Data and AI Acceleratorsのご紹介
業界ごとのデータ分析を支援するIBM Data and AI Acceleratorsのご紹介業界ごとのデータ分析を支援するIBM Data and AI Acceleratorsのご紹介
業界ごとのデータ分析を支援するIBM Data and AI Acceleratorsのご紹介Tsuyoshi Hirayama
 
Lecture 3: Navigating the Requirements Management application: Web client
Lecture 3: Navigating the Requirements Management application: Web clientLecture 3: Navigating the Requirements Management application: Web client
Lecture 3: Navigating the Requirements Management application: Web clientIBM Rational software
 
Not Just ORM: Powerful Hibernate ORM Features and Capabilities
Not Just ORM: Powerful Hibernate ORM Features and CapabilitiesNot Just ORM: Powerful Hibernate ORM Features and Capabilities
Not Just ORM: Powerful Hibernate ORM Features and CapabilitiesBrett Meyer
 
ID & IT 2013 - OpenID Connect Hands-on
ID & IT 2013 - OpenID Connect Hands-onID & IT 2013 - OpenID Connect Hands-on
ID & IT 2013 - OpenID Connect Hands-onNov Matake
 
MuleSoft Nashik Meetup#5 - JSON Logger and Externalize Logs
MuleSoft Nashik Meetup#5 - JSON Logger and Externalize LogsMuleSoft Nashik Meetup#5 - JSON Logger and Externalize Logs
MuleSoft Nashik Meetup#5 - JSON Logger and Externalize LogsJitendra Bafna
 
Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?Đỗ Duy Trung
 

Weitere ähnliche Inhalte

Was ist angesagt?

datatech-jp Casual Talks#3 データエンジニアを採用するための試行錯誤
datatech-jp Casual Talks#3 データエンジニアを採用するための試行錯誤datatech-jp Casual Talks#3 データエンジニアを採用するための試行錯誤
datatech-jp Casual Talks#3 データエンジニアを採用するための試行錯誤株式会社MonotaRO Tech Team
 
Keycloakの全体像: 基本概念、ユースケース、そして最新の開発動向
Keycloakの全体像: 基本概念、ユースケース、そして最新の開発動向Keycloakの全体像: 基本概念、ユースケース、そして最新の開発動向
Keycloakの全体像: 基本概念、ユースケース、そして最新の開発動向Hitachi, Ltd. OSS Solution Center.
 
第73回 Machine Learning 15minutes ! IBM AI Foundation Modelsへの取り組み
第73回 Machine Learning 15minutes ! IBM AI Foundation Modelsへの取り組み第73回 Machine Learning 15minutes ! IBM AI Foundation Modelsへの取り組み
第73回 Machine Learning 15minutes ! IBM AI Foundation Modelsへの取り組みTsuyoshi Hirayama
 
ディープラーニングおじさんの話
ディープラーニングおじさんの話ディープラーニングおじさんの話
ディープラーニングおじさんの話karaage0703
 
bottleで始めるWEBアプリの最初の一歩
bottleで始めるWEBアプリの最初の一歩bottleで始めるWEBアプリの最初の一歩
bottleで始めるWEBアプリの最初の一歩Satoshi Yamada
 
Power BI を提案してみた件
Power BI を提案してみた件Power BI を提案してみた件
Power BI を提案してみた件Teruchika Yamada
 
Power BI データフロー 早わかり
Power BI データフロー 早わかりPower BI データフロー 早わかり
Power BI データフロー 早わかりTakeshi Kagata
 
自社で実運用中!Power Apps・Power Automate 活用事例
自社で実運用中!Power Apps・Power Automate 活用事例自社で実運用中!Power Apps・Power Automate 活用事例
自社で実運用中!Power Apps・Power Automate 活用事例Teruchika Yamada
 
Confluence x Brikit Theme Press でスタイリッシュなサイトを最速でデザインする
Confluence x Brikit Theme Press でスタイリッシュなサイトを最速でデザインする Confluence x Brikit Theme Press でスタイリッシュなサイトを最速でデザインする
Confluence x Brikit Theme Press でスタイリッシュなサイトを最速でデザインするAkira Higuchi
 
PRD Template for Product Managers
PRD Template for Product ManagersPRD Template for Product Managers
PRD Template for Product ManagersUjjwal Trivedi
 
AbemaTVにおける推薦システム
AbemaTVにおける推薦システムAbemaTVにおける推薦システム
AbemaTVにおける推薦システムcyberagent
 
SharePoint Online を JavaScript でイジる。
SharePoint Online を JavaScript でイジる。SharePoint Online を JavaScript でイジる。
SharePoint Online を JavaScript でイジる。Hirofumi Ota
 
CREATIVE SURVEY for Salesforce 概要資料
CREATIVE SURVEY for Salesforce 概要資料CREATIVE SURVEY for Salesforce 概要資料
CREATIVE SURVEY for Salesforce 概要資料Kikuchi Takayuki
 
え!?データがオンプレにあるけどPower BI で BI したいの?
え!?データがオンプレにあるけどPower BI で BI したいの?え!?データがオンプレにあるけどPower BI で BI したいの?
え!?データがオンプレにあるけどPower BI で BI したいの?Yugo Shimizu
 
MongoDBアプリの実例
MongoDBアプリの実例MongoDBアプリの実例
MongoDBアプリの実例Kazuyuki Namba
 
業界ごとのデータ分析を支援するIBM Data and AI Acceleratorsのご紹介
業界ごとのデータ分析を支援するIBM Data and AI Acceleratorsのご紹介業界ごとのデータ分析を支援するIBM Data and AI Acceleratorsのご紹介
業界ごとのデータ分析を支援するIBM Data and AI Acceleratorsのご紹介Tsuyoshi Hirayama
 
Lecture 3: Navigating the Requirements Management application: Web client
Lecture 3: Navigating the Requirements Management application: Web clientLecture 3: Navigating the Requirements Management application: Web client
Lecture 3: Navigating the Requirements Management application: Web clientIBM Rational software
 
Not Just ORM: Powerful Hibernate ORM Features and Capabilities
Not Just ORM: Powerful Hibernate ORM Features and CapabilitiesNot Just ORM: Powerful Hibernate ORM Features and Capabilities
Not Just ORM: Powerful Hibernate ORM Features and CapabilitiesBrett Meyer
 
ID & IT 2013 - OpenID Connect Hands-on
ID & IT 2013 - OpenID Connect Hands-onID & IT 2013 - OpenID Connect Hands-on
ID & IT 2013 - OpenID Connect Hands-onNov Matake
 

Was ist angesagt? (20)

datatech-jp Casual Talks#3 データエンジニアを採用するための試行錯誤
datatech-jp Casual Talks#3 データエンジニアを採用するための試行錯誤datatech-jp Casual Talks#3 データエンジニアを採用するための試行錯誤
datatech-jp Casual Talks#3 データエンジニアを採用するための試行錯誤
 
Keycloakの全体像: 基本概念、ユースケース、そして最新の開発動向
Keycloakの全体像: 基本概念、ユースケース、そして最新の開発動向Keycloakの全体像: 基本概念、ユースケース、そして最新の開発動向
Keycloakの全体像: 基本概念、ユースケース、そして最新の開発動向
 
第73回 Machine Learning 15minutes ! IBM AI Foundation Modelsへの取り組み
第73回 Machine Learning 15minutes ! IBM AI Foundation Modelsへの取り組み第73回 Machine Learning 15minutes ! IBM AI Foundation Modelsへの取り組み
第73回 Machine Learning 15minutes ! IBM AI Foundation Modelsへの取り組み
 
Confluence と SharePoint 何が違う?
Confluence と SharePoint 何が違う?Confluence と SharePoint 何が違う?
Confluence と SharePoint 何が違う?
 
ディープラーニングおじさんの話
ディープラーニングおじさんの話ディープラーニングおじさんの話
ディープラーニングおじさんの話
 
bottleで始めるWEBアプリの最初の一歩
bottleで始めるWEBアプリの最初の一歩bottleで始めるWEBアプリの最初の一歩
bottleで始めるWEBアプリの最初の一歩
 
Power BI を提案してみた件
Power BI を提案してみた件Power BI を提案してみた件
Power BI を提案してみた件
 
Power BI データフロー 早わかり
Power BI データフロー 早わかりPower BI データフロー 早わかり
Power BI データフロー 早わかり
 
自社で実運用中!Power Apps・Power Automate 活用事例
自社で実運用中!Power Apps・Power Automate 活用事例自社で実運用中!Power Apps・Power Automate 活用事例
自社で実運用中!Power Apps・Power Automate 活用事例
 
Confluence x Brikit Theme Press でスタイリッシュなサイトを最速でデザインする
Confluence x Brikit Theme Press でスタイリッシュなサイトを最速でデザインする Confluence x Brikit Theme Press でスタイリッシュなサイトを最速でデザインする
Confluence x Brikit Theme Press でスタイリッシュなサイトを最速でデザインする
 
PRD Template for Product Managers
PRD Template for Product ManagersPRD Template for Product Managers
PRD Template for Product Managers
 
AbemaTVにおける推薦システム
AbemaTVにおける推薦システムAbemaTVにおける推薦システム
AbemaTVにおける推薦システム
 
SharePoint Online を JavaScript でイジる。
SharePoint Online を JavaScript でイジる。SharePoint Online を JavaScript でイジる。
SharePoint Online を JavaScript でイジる。
 
CREATIVE SURVEY for Salesforce 概要資料
CREATIVE SURVEY for Salesforce 概要資料CREATIVE SURVEY for Salesforce 概要資料
CREATIVE SURVEY for Salesforce 概要資料
 
え!?データがオンプレにあるけどPower BI で BI したいの?
え!?データがオンプレにあるけどPower BI で BI したいの?え!?データがオンプレにあるけどPower BI で BI したいの?
え!?データがオンプレにあるけどPower BI で BI したいの?
 
MongoDBアプリの実例
MongoDBアプリの実例MongoDBアプリの実例
MongoDBアプリの実例
 
業界ごとのデータ分析を支援するIBM Data and AI Acceleratorsのご紹介
業界ごとのデータ分析を支援するIBM Data and AI Acceleratorsのご紹介業界ごとのデータ分析を支援するIBM Data and AI Acceleratorsのご紹介
業界ごとのデータ分析を支援するIBM Data and AI Acceleratorsのご紹介
 
Lecture 3: Navigating the Requirements Management application: Web client
Lecture 3: Navigating the Requirements Management application: Web clientLecture 3: Navigating the Requirements Management application: Web client
Lecture 3: Navigating the Requirements Management application: Web client
 
Not Just ORM: Powerful Hibernate ORM Features and Capabilities
Not Just ORM: Powerful Hibernate ORM Features and CapabilitiesNot Just ORM: Powerful Hibernate ORM Features and Capabilities
Not Just ORM: Powerful Hibernate ORM Features and Capabilities
 
ID & IT 2013 - OpenID Connect Hands-on
ID & IT 2013 - OpenID Connect Hands-onID & IT 2013 - OpenID Connect Hands-on
ID & IT 2013 - OpenID Connect Hands-on
 

Ähnlich wie Single Logout

MuleSoft Nashik Meetup#5 - JSON Logger and Externalize Logs
MuleSoft Nashik Meetup#5 - JSON Logger and Externalize LogsMuleSoft Nashik Meetup#5 - JSON Logger and Externalize Logs
MuleSoft Nashik Meetup#5 - JSON Logger and Externalize LogsJitendra Bafna
 
Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?Đỗ Duy Trung
 
Open Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSOOpen Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSOelliando dias
 
Simplifying The S's: Single Sign-On, SPNEGO and SAML
Simplifying The S's: Single Sign-On, SPNEGO and SAMLSimplifying The S's: Single Sign-On, SPNEGO and SAML
Simplifying The S's: Single Sign-On, SPNEGO and SAMLGabriella Davis
 
Our road to Single Sign-On, DocPlanner
Our road to Single Sign-On, DocPlannerOur road to Single Sign-On, DocPlanner
Our road to Single Sign-On, DocPlannerTomasz Wójcik
 
Alfresco: Implementing secure single sign on (SSO) with OpenSAML
Alfresco: Implementing secure single sign on (SSO) with OpenSAMLAlfresco: Implementing secure single sign on (SSO) with OpenSAML
Alfresco: Implementing secure single sign on (SSO) with OpenSAMLJ V
 
Introduction of ShinoBOT (Black Hat USA 2013 Arsenal)
Introduction of ShinoBOT (Black Hat USA 2013 Arsenal)Introduction of ShinoBOT (Black Hat USA 2013 Arsenal)
Introduction of ShinoBOT (Black Hat USA 2013 Arsenal)Shota Shinogi
 
Six Mistakes of Log Management 2008
Six Mistakes of Log Management 2008Six Mistakes of Log Management 2008
Six Mistakes of Log Management 2008Anton Chuvakin
 
Super feats of integration x pages with symphony sharepoint and office
Super feats of integration x pages with symphony sharepoint and officeSuper feats of integration x pages with symphony sharepoint and office
Super feats of integration x pages with symphony sharepoint and officeJohn Head
 
Time to Terminate Manual 5250 Tasks
Time to Terminate Manual 5250 TasksTime to Terminate Manual 5250 Tasks
Time to Terminate Manual 5250 TasksHelpSystems
 
MuleSoft Surat Virtual Meetup#7 - JSON Logger and Common Error Handling With ...
MuleSoft Surat Virtual Meetup#7 - JSON Logger and Common Error Handling With ...MuleSoft Surat Virtual Meetup#7 - JSON Logger and Common Error Handling With ...
MuleSoft Surat Virtual Meetup#7 - JSON Logger and Common Error Handling With ...Jitendra Bafna
 
Lessons Learned from Migrating Legacy Enterprise Applications to Microservices
Lessons Learned from Migrating Legacy Enterprise Applications to MicroservicesLessons Learned from Migrating Legacy Enterprise Applications to Microservices
Lessons Learned from Migrating Legacy Enterprise Applications to MicroservicesVMware Tanzu
 
Introduction to LogCompare - Reducing MTTI/MTTR with Ease
Introduction to LogCompare - Reducing MTTI/MTTR with EaseIntroduction to LogCompare - Reducing MTTI/MTTR with Ease
Introduction to LogCompare - Reducing MTTI/MTTR with EaseSumo Logic
 
Teach Your Sites to Call for Help: Automated Problem Reporting for Online Ser...
Teach Your Sites to Call for Help: Automated Problem Reporting for Online Ser...Teach Your Sites to Call for Help: Automated Problem Reporting for Online Ser...
Teach Your Sites to Call for Help: Automated Problem Reporting for Online Ser...Caktus Group
 
Liferay workshop
Liferay workshopLiferay workshop
Liferay workshopahmadsayed
 
5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...
5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...
5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...Salem Trabelsi
 

Ähnlich wie Single Logout (20)

MuleSoft Nashik Meetup#5 - JSON Logger and Externalize Logs
MuleSoft Nashik Meetup#5 - JSON Logger and Externalize LogsMuleSoft Nashik Meetup#5 - JSON Logger and Externalize Logs
MuleSoft Nashik Meetup#5 - JSON Logger and Externalize Logs
 
Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?
 
Open Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSOOpen Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSO
 
Simplifying The S's: Single Sign-On, SPNEGO and SAML
Simplifying The S's: Single Sign-On, SPNEGO and SAMLSimplifying The S's: Single Sign-On, SPNEGO and SAML
Simplifying The S's: Single Sign-On, SPNEGO and SAML
 
Open sso fisl9.0
Open sso fisl9.0Open sso fisl9.0
Open sso fisl9.0
 
Our road to Single Sign-On, DocPlanner
Our road to Single Sign-On, DocPlannerOur road to Single Sign-On, DocPlanner
Our road to Single Sign-On, DocPlanner
 
Alfresco: Implementing secure single sign on (SSO) with OpenSAML
Alfresco: Implementing secure single sign on (SSO) with OpenSAMLAlfresco: Implementing secure single sign on (SSO) with OpenSAML
Alfresco: Implementing secure single sign on (SSO) with OpenSAML
 
Real World SharePoint Debacles
Real World SharePoint DebaclesReal World SharePoint Debacles
Real World SharePoint Debacles
 
Delivering Identity at Internet Scale
Delivering Identity at Internet ScaleDelivering Identity at Internet Scale
Delivering Identity at Internet Scale
 
Introduction of ShinoBOT (Black Hat USA 2013 Arsenal)
Introduction of ShinoBOT (Black Hat USA 2013 Arsenal)Introduction of ShinoBOT (Black Hat USA 2013 Arsenal)
Introduction of ShinoBOT (Black Hat USA 2013 Arsenal)
 
Joomla REST API
Joomla REST APIJoomla REST API
Joomla REST API
 
Six Mistakes of Log Management 2008
Six Mistakes of Log Management 2008Six Mistakes of Log Management 2008
Six Mistakes of Log Management 2008
 
Super feats of integration x pages with symphony sharepoint and office
Super feats of integration x pages with symphony sharepoint and officeSuper feats of integration x pages with symphony sharepoint and office
Super feats of integration x pages with symphony sharepoint and office
 
Time to Terminate Manual 5250 Tasks
Time to Terminate Manual 5250 TasksTime to Terminate Manual 5250 Tasks
Time to Terminate Manual 5250 Tasks
 
MuleSoft Surat Virtual Meetup#7 - JSON Logger and Common Error Handling With ...
MuleSoft Surat Virtual Meetup#7 - JSON Logger and Common Error Handling With ...MuleSoft Surat Virtual Meetup#7 - JSON Logger and Common Error Handling With ...
MuleSoft Surat Virtual Meetup#7 - JSON Logger and Common Error Handling With ...
 
Lessons Learned from Migrating Legacy Enterprise Applications to Microservices
Lessons Learned from Migrating Legacy Enterprise Applications to MicroservicesLessons Learned from Migrating Legacy Enterprise Applications to Microservices
Lessons Learned from Migrating Legacy Enterprise Applications to Microservices
 
Introduction to LogCompare - Reducing MTTI/MTTR with Ease
Introduction to LogCompare - Reducing MTTI/MTTR with EaseIntroduction to LogCompare - Reducing MTTI/MTTR with Ease
Introduction to LogCompare - Reducing MTTI/MTTR with Ease
 
Teach Your Sites to Call for Help: Automated Problem Reporting for Online Ser...
Teach Your Sites to Call for Help: Automated Problem Reporting for Online Ser...Teach Your Sites to Call for Help: Automated Problem Reporting for Online Ser...
Teach Your Sites to Call for Help: Automated Problem Reporting for Online Ser...
 
Liferay workshop
Liferay workshopLiferay workshop
Liferay workshop
 
5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...
5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...
5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...
 

Mehr von Andreas Åkre Solberg

Dataporten for grunnopplæringa - Workshop September 2017
Dataporten for grunnopplæringa - Workshop September 2017Dataporten for grunnopplæringa - Workshop September 2017
Dataporten for grunnopplæringa - Workshop September 2017Andreas Åkre Solberg
 
Dataporten intro (workshop with Difi)
Dataporten intro (workshop with Difi)Dataporten intro (workshop with Difi)
Dataporten intro (workshop with Difi)Andreas Åkre Solberg
 
UNINETT Feide Connect (Feide fagdag)
UNINETT Feide Connect (Feide fagdag)UNINETT Feide Connect (Feide fagdag)
UNINETT Feide Connect (Feide fagdag)Andreas Åkre Solberg
 
Connect (UNINETT-konferansen, Tromsø)
Connect (UNINETT-konferansen, Tromsø)Connect (UNINETT-konferansen, Tromsø)
Connect (UNINETT-konferansen, Tromsø)Andreas Åkre Solberg
 
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyen
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyenNorsk UH-sektor og økosystemer for identitet og integrasjoner i skyen
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyenAndreas Åkre Solberg
 
Feide Connect – Standard Norge February 2015
Feide Connect – Standard Norge February 2015Feide Connect – Standard Norge February 2015
Feide Connect – Standard Norge February 2015Andreas Åkre Solberg
 

Mehr von Andreas Åkre Solberg (20)

OpenID Connect Federation
OpenID Connect FederationOpenID Connect Federation
OpenID Connect Federation
 
Dataporten for grunnopplæringa - Workshop September 2017
Dataporten for grunnopplæringa - Workshop September 2017Dataporten for grunnopplæringa - Workshop September 2017
Dataporten for grunnopplæringa - Workshop September 2017
 
Dataporten Workshop
Dataporten WorkshopDataporten Workshop
Dataporten Workshop
 
Dataporten
DataportenDataporten
Dataporten
 
Dataporten for Sigma2, Hell
Dataporten for Sigma2, HellDataporten for Sigma2, Hell
Dataporten for Sigma2, Hell
 
Dataporten intro (workshop with Difi)
Dataporten intro (workshop with Difi)Dataporten intro (workshop with Difi)
Dataporten intro (workshop with Difi)
 
UNINETT Feide Connect (Feide fagdag)
UNINETT Feide Connect (Feide fagdag)UNINETT Feide Connect (Feide fagdag)
UNINETT Feide Connect (Feide fagdag)
 
Connect (UNINETT-konferansen, Tromsø)
Connect (UNINETT-konferansen, Tromsø)Connect (UNINETT-konferansen, Tromsø)
Connect (UNINETT-konferansen, Tromsø)
 
Connect (USIT)
Connect (USIT)Connect (USIT)
Connect (USIT)
 
Connect (Feide fagdag, Gardemoen)
Connect (Feide fagdag, Gardemoen)Connect (Feide fagdag, Gardemoen)
Connect (Feide fagdag, Gardemoen)
 
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyen
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyenNorsk UH-sektor og økosystemer for identitet og integrasjoner i skyen
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyen
 
Feide Connect – Standard Norge February 2015
Feide Connect – Standard Norge February 2015Feide Connect – Standard Norge February 2015
Feide Connect – Standard Norge February 2015
 
Feide Connect SUHS 2014
Feide Connect SUHS 2014Feide Connect SUHS 2014
Feide Connect SUHS 2014
 
Feide Connect (NOKIOS 2014)
Feide Connect (NOKIOS 2014)Feide Connect (NOKIOS 2014)
Feide Connect (NOKIOS 2014)
 
Feide Connect TNC2014
Feide Connect TNC2014Feide Connect TNC2014
Feide Connect TNC2014
 
Feide connect tnc2014
Feide connect tnc2014Feide connect tnc2014
Feide connect tnc2014
 
SCIM and VOOT
SCIM and VOOTSCIM and VOOT
SCIM and VOOT
 
Feide Connect (IoU Fagdag)
Feide Connect (IoU Fagdag)Feide Connect (IoU Fagdag)
Feide Connect (IoU Fagdag)
 
Feide Connect
Feide ConnectFeide Connect
Feide Connect
 
Feide Connect
Feide ConnectFeide Connect
Feide Connect
 

Kürzlich hochgeladen

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 

Kürzlich hochgeladen (20)

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 

Single Logout

  • 1. Single Log-Out Andreas Åkre Solberg Malaga, June 2009
  • 2. Sessions On Web • HTTP originally stateless • Using Cookies to keep state • Cookies in RFC2965 • Set a session ID first time user visits, sent back to site for every HTTP request HTTP GET Browser 2 Site Subsequent req. Set-Cookie: ID=23846 Cookie: Browser ID=23846 1 First request
  • 3. Cookies limited to domains Set-Cookie: ID=123; domain: .site.org Cookie sessions can be on one domain only. WebSSO protocols extend user sessions between domains. Master session IdP Session WebSSO WebSSO Session SP SP
  • 4. Consequenses of not terminating SSO Logging in to one service, and not terminating the SSO session enables access to a wide range of other services. Users do not understand this. SP WebSSO WebSSO IdP Financial system X. SP Employee salary Extending loan WebSSO WebSSO payment. period of a book at the library. SP SP
  • 5. Logout What do users do when they want to logout? They: • Click logout, or • close the browser/tab
  • 6. Close the tab??? Yes, (some) people close the tab to logout. We hired a company to perform usability testing with real-users.
  • 7. Logout Most federations does not offer any kind of logout. What if we want to provide some kind of logout? What are our options?
  • 8. Local Logout Can the federations leave logout to the services alone? And they can provide independent local logout? NO! What will SSO do to you, if you click login after having logged out locally?
  • 9. Local + IdP Logout Is this a good idea? SP2 Still active session LogoutRequest IdP 1 SP1 2 SP3 LogoutResponse Still active session SAML 2.0 provides protocol Active session element to distribute logout Deactivated session among entities.
  • 10. Local + IdP Logout Boundaries between SPs is washed-out with SSO. The user can never know exactly which services she is logged into (because SSO is transparent). Therefore local + IdP logout is a «no go»! MyPortal.com Service foo SP1 IdP Service bar SP2
  • 11. Single Logout - as in SAML 2.0 Single Logout Profile LogoutRequest SP2 2 3 LogoutResponse LogoutRequest IdP 1 SP1 6 4 LogoutRequest LogoutResponse LogoutResponse 5 SP3 Logout is fully propagated to all services that share a session...
  • 12. Single Logout Usability There is no way to get the user to understand what is going on with SLO, without being extremely clear and excplicit. Because users generally do not understand fully SSO, there is no common intuitive understanding of what SLO will do. It differs from user to user. One of the things we tried: Naming the button 'Global logout' is not making it any easier for the user.
  • 13. Single Logout Back-Out Users that are in the middle of an important transaction at SP2, will not like if it is interrupted when they logout from SP1. - Real-life example: Requirement from an financial system SP The user should be told which servers she is logged on-to, and asked whether she wants to log out from all of them.
  • 14. Single Logout Bindings Front-channel: • Not robust. SP2 may throw 500 internal error on user logging out from SP1. Back-channel: • Difficult to implement for SPs, because no access to session cookie.
  • 15. Single Logout Solution Our solution: • We are using front-channel only, not stuck with back-channel complexity. • Solving the robustness problem with hidden iFrames. • Presenting the user with a list of logged in services. • Option to logout local + IdP or globally. • Good feedback to user when things fail.
  • 17. Single Logout Solution SP1 SP2 SP3 Hidden iFrames sends front-channel LogoutRequests and update logout status with AJAX.
  • 18. Single Logout Solution LogoutResponse LogoutResponse LogoutResponse IdP LogoutResponse endpoint on IdP updates status up user logout page with AJAX.
  • 20. iFrame + AJAX Single Logout as provided by ble aila y Av da to
  • 21. Is anyone using logout? The big question! We have had simpleSAMLphp in production in two months. Is anybody using global logout? Let's take a look at the statistics.
  • 22. Is anyone using logout? Yes! At a surprising ratio of SLO:SSO at 1:10 Ratio of SSO:SLO varies very much between Service Providers. From 0 to 1:2!