[pubcookie-dev] Single Sign Out
schwoerb at doit.wisc.edu
Thu Jun 22 10:46:02 PDT 2006
On 6/22/06 12:23 PM, "Stephen C. Losen" <scl at sasha.acc.Virginia.EDU> wrote:
>>>> The thought is to have on full logout, it to add hidden iframes on the
>>>> logout page that will have the location be the
>>> The approach taken by (one of) Oracle's single signon products is for the
>>> logout page to request an image from each remote service and to display it
>>> against the service name. Requesting the image causes the logout and its
>>> successful display (I think it's something like a tick) confirms that it
>>> worked. Text on the logout pages says something like "Here are the servers
>>> you were using. A tick implies that you have been logged out, anything else
>>> (like a broken image icon) indicates failure". Quite what users should, or
>>> will, do on failure is unclear.
>> Not everyone loads images, in particular people who don't see well
>> and use screen readers. People using mobile devices with small screens
>> may often disable images as well.
> I think that there are some limitations with iframes and cookies.
> Some browsers get kind of paranoid sending and/or receiving
> cookies from apps in iframes. Maybe this doesn't apply to the
> single sign off situation, but we had trouble running the
> pubcookie login cgi in an iframe because at least one popular
> browser (IE maybe) refused to cooperate.
True, I forgot about that. Cookies can't be set on the initial page in an
iframe with ie6. Interesting enough, on subsequent page loads it can set
cookies. I am sure it is a feature, not a bug ;). On a side note, you can
have iframes be applications with different AppIDs and the such, you just
need to use the POST LoginMethod.
> Steve Losen scl at virginia.edu phone: 434-924-0640
> University of Virginia ITC Unix Support
More information about the pubcookie-dev