Front Channel SLO

Description

Provide a front-channel (i.e. browser mediated) mechanism for single sign-out. The feature presents arguably the simplest solution for the oft-requested feature for single sign-out in clustered client applications. The following proposal describes one implementation based on the SAML 1.1 Single Log Out Profile over the HTTP Redirect Binding:

https://wiki.jasig.org/display/CAS/Proposal%3A+Front-Channel+Single+Sign-Out

Implementing front SLO (in addition to back SLO) is pretty complex and has big impacts on the source code. So I propose to do it in two pull requests :

  • the first one to change the cas-server-core to make it able to handle front SLO and still performs the back SLO

  • the second one to change the cas-server-webapp to really perform front SLO in addition to back SLO.

Environment

None

Status

Assignee

Jérôme LELEU

Reporter

Marvin Addison

Labels

None

Estimated End Date

None

Audience

None

Fix versions

Affects versions

3.5.2

Priority

Major