Single sign out without single sign on using http headers

Disclosure Number: IPCOM000224080D
Publication Date: 2012-Dec-06
Document File: 3 page(s) / 21K

Publishing Venue

The Prior Art Database


Disclosed is a method that allows a user to log out of multiple related websites with one logout action.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 44% of the total text.

Single sign out without single sign on using http headers

Company intranets contain systems from many different vendors that may use different methods of authentication. It is not always feasible to use a single sign-on mechanism, for example, when the systems require separate Lightweight Directory Access Protocol (LDAP) directories with separate user IDs. Currently, without single sign-on, there is no easy way for users to sign out of everything they have signed into. It is easy for a user to log in to five different applications and then forget to log out of one of them. Even when single sign-on is available, logging out of one application may not log the user out of all applications. In either case, single sign-off (single sign-out) is not achieved.

Some prior art exists in the area of multiple site log out. One method requires a separate "login server" to maintain a list of affiliated sites as well as how to log out of those sites. The role of the login server is to perform the actual login and log out on behalf of the user. This prior art is also designed to work with cookie-based authentication mechanisms. Another method requires pluggable modules that understand how to log into and out of different services. This method requires knowing exactly how each service does its authentication. A third method requires the use of a browser plugin to log out the user from all authenticated sessions; this approach is not cross-browser friendly.

The invention is a device that is easily retrofitted onto existing web applications. In some cases, this can be done by modifying the configuration of a Hypertext Transfer Protocol (HTTP) server to add headers. In many cases, logout functionality can be retrofitted onto existing web applications simply by configuring redirects at the HTTP server. Even in the most complex cases, the solution only requires a single servlet, Common Gateway Interface (CGI) or other server process to be added to an existing application implementing logout functionality.

If implemented by browsers and web servers, it is a cross-browser way to perform a multiple-site logout. This may be a strategic advantage to a browser technology in gaining market share, especially among corporate customers for whom data security is especially important and where single-browser solutions may be mandated for certain applications. There is, however, nothing technically preventing the invention from working across all types of browsers.

This invention only logs the user out of related websites (e.g., intranet sites that are linked in some manner). This allows the user to continue working in other unrelated sites. For instance, the user may continue to work on personal matters on their personal email account and remain assured that all work accounts have been signed off. The standard would not necessarily have to be adopted by a standards board before it could be put into implementation.

On a general request, the HTTP server simply returns an "Allowed-Logout-...