Oct 25, 2016, 1:55 PM
94 Posts

You can simulate that in your code easily enough

  • Category: Domino Server
  • Platform: All Platforms
  • Release: 9.0.1
  • Role: Administrator,Developer
  • Tags: saml,logout,authenticaion
  • Replies: 4
Just make the logout button in your application redirect the end user's browser to the IdP's logout URL after logging them out of your application. The drawback to this angle is that if the IdP serves multiple applications, the end users might be annoyed that they now need to retype their password to get into, say, the expense reimbursement system. In this model, you need a shift in mindset -- logging out of an individual application is meaningless; you need to log out of the IdP directly, kill your browser window, or lock your workstation in order to protect your system.

Another approach that some folks use is to configure their IdP to not generate session cookies and require the end user to log in each time. This provides a central point of authentication, but still requires the end user to type and retype their username and password again and again and again. Some people consider this to be a good thing.
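
The logout-then-redirect approach from the post, as an added example that is not part of the original post or of Domino itself. It assumes the application uses Domino session authentication and the Domino `?logout&redirectto=` URL command; the host names, database path, and element wiring are constructed placeholders.

```javascript
// Assumption: the only host the logout flow may hand the browser to is your IdP.
const ALLOWED_IDP_HOSTS = new Set(["idp.example.com"]); // constructed placeholder

// Return the URL the logout button should navigate to: the application's
// Domino ?logout command (ends the local session), which then sends the
// browser on to the IdP's logout URL (ends the single sign-on session).
function buildLogoutUrl(appDbUrl, idpLogoutUrl) {
  const idp = new URL(idpLogoutUrl); // throws on a malformed URL
  if (idp.protocol !== "https:") {
    throw new Error("IdP logout URL must use https");
  }
  // Refuse any target that is not the configured IdP, so the logout link
  // cannot become an open redirect if the target is ever read from input.
  if (!ALLOWED_IDP_HOSTS.has(idp.hostname)) {
    throw new Error("IdP host not in allowlist: " + idp.hostname);
  }
  const app = new URL(appDbUrl);
  // Drop any existing query string or fragment so only the logout command is sent.
  app.search = "";
  app.hash = "";
  return app.href + "?logout&redirectto=" + encodeURIComponent(idp.href);
}

// Browser wiring: "button" is the application's logout element (hypothetical).
function attachLogout(button, appDbUrl, idpLogoutUrl) {
  const target = buildLogoutUrl(appDbUrl, idpLogoutUrl);
  button.addEventListener("click", () => {
    window.location.assign(target);
  });
  return target;
}
```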