Issue Context:
Atlassian Crowd provides robust SSO functionality, but the implementation of Single Logout (SLO) appears to require additional configuration or custom development. Based on documentation (e.g., Crowd Data Center 3.4 SSO 2.0), while Crowd supports cross-domain SSO and centralized authentication, there is no explicit guidance on native SLO capabilities. For example:
- When users log out of Crowd, applications like Jira or Confluence may retain active sessions, indicating incomplete SLO.
- Existing solutions (e.g., session validation via SSOCookieFilter or SAML integration) require custom code or third-party plugins.
Key Questions:
- Does Crowd natively support SLO without relying on third-party plugins or manual implementation (e.g., SAML/CAS protocol extensions)?
- If SLO is not natively supported, are there official recommendations for achieving global logout across integrated applications?
- Are there plans to enhance Crowd’s SLO capabilities in future releases (e.g., built-in SAML SLO endpoints or automated session termination)?
Relevant Documentation:
- Crowd SSO 2.0 documentation mentions cross-domain SSO but lacks SLO details.
- Integration guides (e.g., Microsoft Entra SSO, Bitbucket) emphasize authentication but not logout synchronization.
Suggested Improvements:
- Provide native SLO workflows (e.g., SAML SLO support or centralized session invalidation).
- Clarify whether third-party plugins (e.g., SAML IdPs) are mandatory for SLO.