Abstract: Embodiments are directed to revoking user sessions using signaling. In one scenario, an identity platform operating on a computer system receives an indication indicating that a user's login account has been compromised, where the user's login account has an associated login session and corresponding session artifact that is valid for a specified amount of time. The identity platform generates a signal indicating that the login session is no longer trusted and that the user is to be re-directed to the identity platform to re-authenticate and renew the session artifact and provides the generated signal to various relying parties including at least one relying party that is hosting the login session for the user.

Abstract: A user interface provides mechanisms for a user to select resources from a plurality of different groups, across clients. Updates from all of the selected resources are aggregated and displayed to the user, across clients, in an integrated view.

Abstract: Systems, methods, and computer-readable storage media are provided for discovering and disambiguating identity providers such that user knowledge of appropriate identity providers is minimized. Users are presented with options for selecting appropriate providers only when multiple providers have user profiles matching a user identifier. When users are presented with options for selecting appropriate providers, providers that have user profiles matching the identifier are identified utilizing identity information for the application that utilizes the identity provider for its users rather than information identifying the identity provider itself.

Abstract: A server system receives and installs multiple claim provider plug-ins. Each of the claim provider plug-ins implements the same software interface. However, each of the claim provider plug-ins can provide claims that assert different things. Claims provided by the claim provider plug-ins can be used to control access of users to a resource.

Abstract: A method for sign-on and sign-out for a computer system includes: receiving a first sign-on request for the computer system; obtaining, from the first sign-on request, a first user identifier, the first user identifier corresponding to a first user for the computer system; obtaining, from the first sign-on request, a first uniform resource locator (URL); determining whether the first URL includes a first root name for the computer system; when a determination is made that the first URL includes the first root name for the computer system: issuing a first cookie; associating the first cookie with the first user; obtaining a first sub-domain name from the first URL; issuing a second cookie, the second cookie being different from the first cookie; associating the second cookie with the first sub-domain name; and when the first cookie and the second cookie are issued, signing-on the first user to the computer system.

Abstract: A server system receives and installs multiple claim provider plug-ins. Each of the claim provider plug-ins implements the same software interface. However, each of the claim provider plug-ins can provide claims that assert different things. Claims provided by the claim provider plug-ins can be used to control access of users to a resource.