Single Sign Out

Owned by ScottS
Last updated: Apr 20, 2007 by Luk ClaesVersion comment
1 min read

It would be nice if there would be a possibility to have a single sign out feature.

Single sign out in this context means that if one chooses to logout of CAS that (maybe ofter some timeouts for some applications) one has to re-login into CAS to be able to continue the applications that were linked with the previous CAS session. For new applications one would of course also need to login, though this is today already the case if one logs out of CAS.

There are several possibilities to get this done:

  • timeouts in applications
  • registration of applications with their logout URL
  • message queue
  • ... [other possibilities?]

Personally I would consider to have at least the first two possibilities. Possible negative aspects of these two possibilities would reduce immensely if they are combined IMHO.

One of the big advantages of the second possibility is it's flexibility and ease of use. Flexibility as the logout URL can introduce a complex logout procedure for some application and still be easy to implement. Ease of use as it's normal to expect every application to supply a logout URL, even applications that are not developed in house or easy adapted in house...