1 Reply Latest reply on Sep 15, 2014 5:02 PM by Pedro Igor

    Global Logout

    Lg chen Newbie

      For the the log-out mechanism, as my understanding, we have two choices at Idp end, one is LLO(local logout), another one is GLO (global logout). But the LLO seems like only to update Idp that the SP's session's ended, but it won't further kill the user's login session in Idp. However, if we adopt GLO, then it has no choice but kills all the SPs and Idp's session.

       

      I wonder if there's some thing in between that when a certain SP is logged out and calls the Idp log-out jss, it will only end Idp's session but not to kill the valid session in other SPs.

        • 1. Re: Global Logout
          Pedro Igor Master

          Actually, LLO means end session at the SP side. So you are still have valid SSO session. However, if you hit the SP again right after a LLO, you'll be redirect to the IdP and as your session is still valid, you are going to be logged in in the SP again.

           

          I'm afraid PicketLink does not support what you are looking for. Kill IdP session only and leave SP sessions intact.

           

          Regards.