This content has been marked as final.
Show 1 reply
-
1. Re: Picketlink single sign off
anil.saldhana Mar 31, 2014 10:35 AM (in response to ihevcuk)In the IDP initiated SSO use case as you are describing, the Service Provider is reached via the IDP, the SP creates its own session independent of the IDP. So if you log out at the IDP, it is not reflected at the SP.
Best it to undertake Service Provider initiated SSO where the user reaches the SP first and then hitting logout at the SP will invalidate all sessions (at the SPs and the IDP).