[pubcookie-dev] Single Sign Out
Stephen C. Losen
scl at sasha.acc.Virginia.EDU
Thu Jun 22 10:23:15 PDT 2006
>
> >> The thought is to have on full logout, it to add hidden iframes on the
> >> logout page that will have the location be the
> >> redirect_url?appid=appid&action=logout
> >> (href="https://myapp.univ.edu/pubcookie.reply?appid=MyApp&action=logout").
> >
> > The approach taken by (one of) Oracle's single signon products is for the
> > logout page to request an image from each remote service and to display it
> > against the service name. Requesting the image causes the logout and its
> > successful display (I think it's something like a tick) confirms that it
> > worked. Text on the logout pages says something like "Here are the servers
> > you were using. A tick implies that you have been logged out, anything else
> > (like a broken image icon) indicates failure". Quite what users should, or
> > will, do on failure is unclear.
>
> Not everyone loads images, in particular people who don't see well
> and use screen readers. People using mobile devices with small screens
> may often disable images as well.
>
> Jim
I think that there are some limitations with iframes and cookies.
Some browsers get kind of paranoid sending and/or receiving
cookies from apps in iframes. Maybe this doesn't apply to the
single sign off situation, but we had trouble running the
pubcookie login cgi in an iframe because at least one popular
browser (IE maybe) refused to cooperate.
Steve Losen scl at virginia.edu phone: 434-924-0640
University of Virginia ITC Unix Support
More information about the pubcookie-dev
mailing list