Search the Aria Knowledgebase for
User Documentation, APIs, SDKs, and more!

 

Home > Aria Crescendo Documentation > Configuration > Single Sign-On (SSO) > Single Logout Considerations > Logout and User Expectations

Logout and User Expectations

Table of contents
This article applies to:Aria Crescendo

Overview

When a user clicks a logout button or link in Aria, the user’s web application session and service provider session are ended, but the user is not logged out of the IdP. Therefore, if the user were to return to the Aria application, they would be automatically re-authenticated because their IdP session cookie is still valid.

Since an IdP does not know which service providers to which the user has sessions, it cannot inform those service providers to destroy the user’s sessions. This creates a false sense of security for users since it provides the impression that they are logged out of all SSO applications.

You must to post a comment.
Last modified
20:20, 20 Jul 2015

Tags

Classifications

This page has no classifications.