Single sign-out
Under Single Sign-out ( SSO ), also called off Sign-Single , Single log-out or Single log-off ( SLO hereinafter), is meant in the web development , a pattern of behavior , which makes it a Client enables thanks to a central authentication gateway of several Unsubscribe from services at the same time.
variants
- OpenID Connect Session Management
- Specification for single sign-out using JavaScript in single-page web applications . The JavaScript application receives a list of URLs that the application calls via HTTP requests. The sessions can be
DELETE
deleted using the method. - Alternatively, an
iframe
element orimg
elements can be used to make the browser call up the URLs. However, only theGET
method is supported here.
- OpenID Connect Front-Channel Logout
- Here, the client application registers the URL for logging out at the authentication gateway. When logging out, the authentication gateway renders the URLs to be called using an
iframe
element orimg
elements, whereby the browser calls the logout URLs. Only theGET
method is supported here.
- OpenID Connect back-channel logout
- Here the authentication gateway saves the services to which the client has logged on. When you log out, the authentication gateway sends a logout token to the respective services.
- The logout tokens are based on JSON Web Tokens (JWT) and are compatible with Security Event Tokens (SET).
See also
swell
- ^ A b Brock Allen: Single sign-out and IdentityServer3. February 8, 2016, accessed May 8, 2017 .
- ↑ OpenID Connect Session Management 1.0. Retrieved May 8, 2017 .
- ↑ OpenID Connect Front-Channel Logout 1.0. Retrieved May 8, 2017 .
- ↑ a b OpenID Connect Back-Channel Logout 1.0. Retrieved May 8, 2017 .
- ↑ P. Hunt, W. Denniss, M. Ansari, M. Jones: Security Event Token (SET). IETF , accessed May 8, 2017 .