Systems and methods for logging out of cloud-based applications managed by single sign-on services
First Claim
1. A computer-implemented method for logging out of cloud-based applications managed by single sign-on services, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying, by a client agent running on a computing device of a user, an attempt, initiated by the user on the computing device and performed by a single sign-on service, to log the user out of a set of cloud-based applications managed by the single sign-on service and not managed by the client agent, at least a portion of the set of cloud-based applications being hosted in a separate domain than the client agent;
in response to identifying the attempt to log the user out of the set of cloud-based applications, tracking, by a script implemented by the client agent that is capable of monitoring cross-domain communications from the domain in which the portion of the set of cloud-based applications are hosted, a logout status of each application within the set of cloud-based applications by, for each application;
identifying a logout request sent by the single sign-on service to the application via a protocol limited by cross-domain restrictions; and
determining whether the application has sent a logout response via the protocol limited by cross-domain restrictions to the single sign-on service that verifies that the user has been successfully logged out of the application; and
determining that the user is still logged into at least one application managed by the single sign-on service by determining that the application did not send a logout response to the single sign-on service that verifies that the user has been successfully logged out of the application.
6 Assignments
0 Petitions
Accused Products
Abstract
The disclosed computer-implemented method for logging out of cloud-based applications managed by single sign-on services may include (1) identifying an attempt by a single sign-on service to log a user out of a set of cloud-based applications, (2) in response to identifying the attempt to log the user out of the set of applications, tracking a logout status of each application within the set of cloud-based applications by, for each application (a) identifying a logout request sent by the single sign-on service to the application and (b) determining whether the application has sent a logout response to the single sign-on service that verifies that the user has been successfully logged out of the application, and (3) determining that the user is still logged into at least one application managed by the single sign-on service by determining that the application did not send a logout response to the single sign-on service.
-
Citations
20 Claims
-
1. A computer-implemented method for logging out of cloud-based applications managed by single sign-on services, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
-
identifying, by a client agent running on a computing device of a user, an attempt, initiated by the user on the computing device and performed by a single sign-on service, to log the user out of a set of cloud-based applications managed by the single sign-on service and not managed by the client agent, at least a portion of the set of cloud-based applications being hosted in a separate domain than the client agent; in response to identifying the attempt to log the user out of the set of cloud-based applications, tracking, by a script implemented by the client agent that is capable of monitoring cross-domain communications from the domain in which the portion of the set of cloud-based applications are hosted, a logout status of each application within the set of cloud-based applications by, for each application; identifying a logout request sent by the single sign-on service to the application via a protocol limited by cross-domain restrictions; and determining whether the application has sent a logout response via the protocol limited by cross-domain restrictions to the single sign-on service that verifies that the user has been successfully logged out of the application; and determining that the user is still logged into at least one application managed by the single sign-on service by determining that the application did not send a logout response to the single sign-on service that verifies that the user has been successfully logged out of the application. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system for logging out of cloud-based applications managed by single sign-on services, the system comprising:
-
an identification module, stored in memory, that identifies, by a client agent running on a computing device of a user, an attempt, initiated by the user on the computing device and performed by a single sign-on service, to log the user out of a set of cloud-based applications managed by the single sign-on service and not managed by the client agent, at least a portion of the set of cloud-based applications being hosted in a separate domain than the client agent; a tracking module, stored in memory, that in response to identifying the attempt to log the user out of the set of cloud-based applications, tracks, by a script implemented by the client agent that is capable of monitoring cross-domain communications from the domain in which the portion of the set of cloud-based applications are hosted, a logout status of each application within the set of cloud-based applications by, for each application; identifying a logout request sent by the single sign-on service to the application via a protocol limited by cross-domain restrictions; and determining whether the application has sent a logout response via the protocol limited by cross-domain restrictions to the single sign-on service that verifies that the user has been successfully logged out of the application; a determination module, stored in memory, that determines that the user is still logged into at least one application managed by the single sign-on service by determining that the application did not send a logout response to the single sign-on service that verifies that the user has been successfully logged out of the application; and at least one processor that executes the identification module, the tracking module, and the determination module. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
-
identify, by a client agent running on a computing device of a user, an attempt, initiated by the user on the computing device and performed by a single sign-on service, to log the user out of a set of cloud-based applications managed by the single sign-on service and not managed by the client agent, at least a portion of the set of cloud-based applications being hosted in a separate domain than the client agent; in response to identifying the attempt to log the user out of the set of cloud-based applications, track, by a script implemented by the client agent that is capable of monitoring cross-domain communications from the domain in which the portion of the set of cloud-based applications are hosted, a logout status of each application within the set of cloud-based applications by, for each application; identifying a logout request sent by the single sign-on service to the application via a protocol limited by cross-domain restrictions; and determining whether the application has sent a logout response via the protocol limited by cross-domain restrictions to the single sign-on service that verifies that the user has been successfully logged out of the application; and determine that the user is still logged into at least one application managed by the single sign-on service by determining that the application did not send a logout response to the single sign-on service that verifies that the user has been successfully logged out of the application. - View Dependent Claims (18, 19, 20)
-
Specification