Single sign-out

from Wikipedia, the free encyclopedia

Under Single Sign-out ( SSO ), also called off Sign-Single , Single log-out or Single log-off ( SLO hereinafter), is meant in the web development , a pattern of behavior , which makes it a Client enables thanks to a central authentication gateway of several Unsubscribe from services at the same time.

variants

OpenID Connect Session Management
Specification for single sign-out using JavaScript in single-page web applications . The JavaScript application receives a list of URLs that the application calls via HTTP requests. The sessions can be DELETEdeleted using the method.
Alternatively, an iframeelement or imgelements can be used to make the browser call up the URLs. However, only the GETmethod is supported here.
OpenID Connect Front-Channel Logout
Here, the client application registers the URL for logging out at the authentication gateway. When logging out, the authentication gateway renders the URLs to be called using an iframeelement or imgelements, whereby the browser calls the logout URLs. Only the GETmethod is supported here.
OpenID Connect back-channel logout
Here the authentication gateway saves the services to which the client has logged on. When you log out, the authentication gateway sends a logout token to the respective services.
The logout tokens are based on JSON Web Tokens (JWT) and are compatible with Security Event Tokens (SET).

See also

swell

  1. ^ A b Brock Allen: Single sign-out and IdentityServer3. February 8, 2016, accessed May 8, 2017 .
  2. OpenID Connect Session Management 1.0. Retrieved May 8, 2017 .
  3. OpenID Connect Front-Channel Logout 1.0. Retrieved May 8, 2017 .
  4. a b OpenID Connect Back-Channel Logout 1.0. Retrieved May 8, 2017 .
  5. P. Hunt, W. Denniss, M. Ansari, M. Jones: Security Event Token (SET). IETF , accessed May 8, 2017 .