This is a prototype SP logout landing page. The Service destroys its session but cannot destroy the SSO cookie. So it is trivial to use the SSO cookie to log back into that service or another in the same security domain. To prevent such behavior (a high risk / high security application or a need to log into the same service as a different user) the SP can re-direct the browser to a page like this that offers the opportunity to end the SSO session. The SP could also directly use the link behind the "End My Current SSO Session", removing the option from the user.

You have been logged out of {the Application or Service that re-directed you here}.

You can log in again by returning to that service's location.

Your current Single-Sign-On (SSO) session is still active

An SSO session was established when you entered your credentials at UA. SSO enables you to authenticate to (log in to) this and other sites that rely on UA's privacy-preserving SSO (those services never see your password). Examples of such SSO-enabled services at UA are listed here.

Removing Your Single-Sign-On session

You can end your SSO session by clicking on the link below; this will force authentication (require entry of credentials) for subsequent services that would otherwise rely on your existing SSO session. Removing your SSO session does NOT log you out of any services to which you are currently authenticated.

​End My Current UA SSO Session

Risks of data cached in your browser:

If the computer/tablet/phone you are using is shared with others, and you wish to limit the risk that others will be able to view or use information that may be cached in your web browser, you can reduce (but not eliminate) such risk by the following practices.

• Use browsers' "private browsing" option to limit sharing or storing information outside the browser window.
• Explicitly log out of all web sites; do not rely solely on closing the browser or browser window.
• Never take up the browser's suggestion to save passwords or "remember me," as that may enable others to log in as you!
• Explicitly clear the cookies and caches in your browser: brief directions for common browsers are here.

---

On Thu, 15 May 2014, at 15:56 , John P. Mitchell <jpmitchell@…> wrote:

David,

You can craft a URL like so. This link is functional by the way.

​https://shibboleth.usc.edu/docs/sp/install/Shibboleth.sso/Logout?return=http://www.myplace.org

That will log you out of the SP. The return could point to the IDP logout.jsp in the return param if you want SP -> IDP logout flow. Some want to start at the IDP and then hit the SP, so you just reverse the return params. To figure out the URL you need to know where the web server administrator has placed the Shibboleth.sso in the URL. You can usually find that in the xml config for the SP.

-- John P. Mitchell <jpmitchell@…> UAF - ASF Operations Supervisor 907.474.5083