Logout in single sign-on systems: Problems and solutions

Authors

  • Sanna Suoranta
  • Kamran Manzoor
  • Asko Tontti
  • Joonas Ruuskanen
  • Tuomas Aura
Abstract

Web single sign-on (SSO) systems enable users to authenticate themselves to multiple online services with one authentication credential and mechanism offered by an identity provider. The topic is widely studied and many solutions exist. However, logging out of a service using SSO has received less attention. While previous studies note that users want single logout when using SSO, most of the existing services do not offer it, and the identity providers do not even keep track of the open sessions. This article describes challenges related to logout in federated identity management and analyzes unexpected behavior in logout situations. The examples are from the Shibboleth SSO system. Based on the analysis, we give guidelines for implementing reliable logout and describe a polling-based solution for creating a system-wide logout mechanism that only requires minor changes to the existing code and does not burden the identity provider excessively. In addition to the system-wide logout, our solution gives users the option to log out of only one service. A usability test was conducted to evaluate the solution. The results show that the users liked the ability to choose between the two logout options, but they did not understand the words used to describe them. Another observation was that a majority of the users do not log out of the services at all; they just close the browser window, which should be taken into account in the design of web SSO systems. © 2014 Elsevier Ltd. All rights reserved.


Similar resources

Logout in Single Sign-on Systems

Single sign-on (SSO) helps users to cope with many online services that require authentication. Systems such as OpenID and SAML-based Shibboleth offer federated identity management where an Identity Provider authenticates the user on behalf of the services. Much research concentrates on making authentication stronger, preventing phishing and making the systems more user friendly but less attent...


Shibboleth: Vollständiges Single Logout durch Kopplung von Anwendungs- und Shibboleth-Session am Apache-Webserver

Single sign-on (SSO) within an Authentication and Authorization Infrastructure (AAI) is very widespread. Work on single logout (SLO) is currently being pushed forward again. With the Shibboleth SSO method, the problem is that terminating the Shibboleth session at the service provider does not necessarily terminate the application session as well. This paper shows ...


NEW MODELS AND ALGORITHMS FOR SOLUTIONS OF SINGLE-SIGNED FULLY FUZZY LR LINEAR SYSTEMS

We present a model and propose an approach to compute an approximate solution of Fully Fuzzy Linear System $(FFLS)$ of equations in which all the components of the coefficient matrix are either nonnegative or nonpositive. First, in discussing an $FFLS$ with a nonnegative coefficient matrix, we consider an equivalent $FFLS$ by using an appropriate permutation to simplify fuzzy multiplications. T...


Multiplicity of Positive Solutions of laplacian systems with sign-changing weight functions

In this paper, we study the multiplicity of positive solutions for the Laplacian systems with sign-changing weight functions. Using the decomposition of the Nehari manifold, we prove that an elliptic system has at least two positive solutions.


Optimally Local Dense Conditions for the Existence of Solutions for Vector Equilibrium Problems

In this paper, by using the C-sequentially sign property for bifunctions, we provide sufficient conditions that ensure the existence of solutions of some vector equilibrium problems in Hausdorff topological vector spaces which are ordered by a cone. The conditions which we consider are not imposed on the whole domain of the operators involved, but just on a locally segment-dense subset of the domain.



Journal title:
  • J. Inf. Sec. Appl.

Volume 19, Issue

Pages -

Publication date: 2014