[cas-dev] CAS Client for Java 3.1

Scott Battaglia scott.battaglia at gmail.com
Fri Nov 16 08:17:21 EST 2007 

Our recommendation is that you NEVER log a user out of everything without
informing them.  It creates a jarring experience as people expect that when
they log out of one application, they are only logged out of one application
and not everything.  To anyone looking at a "LOGOUT" link in an application,
it would appear to only log them out of that application.  To do anything
other than a local logout could confuse people who had two tabs and two
different applications open.

Is your plan to make the logout link in applications an automatic link to
the global logout?



On Nov 16, 2007 8:08 AM, Andrew R Feller <afelle1 at lsu.edu> wrote:

>  So basically, if you want people to log out of all applications upon log
> out, you would simply point them to the CAS logout servlet, which would send
> logout requests to all of the services the user had a service ticket
> validated by.  If you want per-application logout, then you would need the
> page you described.
>
>
>
> We have been tossing around the whole "Why does log out mean?" with SSO
> and chose the logout means everything as we have a major portal that serves
> applications for users.
>
>
>
> Thanks Scott! =)
>
>
>
> Andrew R Feller, Analyst
>
> Subversion Administrator
>
> University Information Systems
>
> Louisiana State University
>
> afelle1 at lsu.edu
>
> (office) 225.578.3737
>   ------------------------------
>
> *From:* cas-dev-bounces at tp.its.yale.edu [mailto:
> cas-dev-bounces at tp.its.yale.edu] *On Behalf Of *Scott Battaglia
> *Sent:* Thursday, November 15, 2007 4:09 PM
> *To:* Mailing list for CAS developers
> *Subject:* Re: [cas-dev] CAS Client for Java 3.1
>
>
>
> Our best practices says that all applications should have a local log out
> (because hey, people may want to log out of your application ;-)).  Those
> local log out screens should inform you that you've only logged out of that
> specific application and then provide a link to log out of every application
> you've signed into.
>
> Which I guess the blurb I put in doesn't explain too well :-)
>
> -Scott
>
> On Nov 15, 2007 3:56 PM, Andrew R Feller <afelle1 at lsu.edu> wrote:
>
> Scott,
>
>
>
> Congratulations on the approaching milestone 1 release! =)
>
>
>
> While looking at the documentation, I noticed a point of confusion.  In
> the "Configuring the CAS Client" section, there is a link to "Configuring
> Single Sign Out", but at the bottom of the page there is the "Recommended
> Logout Procedure" that has users' applications hitting an application
> specific logout and making the CAS logout an additional step.
>
>
>
> Could you please elaborate?
>
>
>
> Once again, thanks for the hard work!
>
>
>
> Andrew R Feller, Analyst
>
> Subversion Administrator
>
> University Information Systems
>
> Louisiana State University
>
> afelle1 at lsu.edu
>
> (office) 225.578.3737
>   ------------------------------
>
> *From:* cas-dev-bounces at tp.its.yale.edu [mailto:
> cas-dev-bounces at tp.its.yale.edu] *On Behalf Of *Scott Battaglia
> *Sent:* Thursday, November 15, 2007 2:24 PM
> *To:* CAS Developers Mailing List
> *Subject:* [cas-dev] CAS Client for Java 3.1
>
>
>
> All,
>
> I've been working on the CAS Client for Java 3.1 release when I've had
> some time.  We're almost ready for an M1 release.  I've documented a lot of
> things here:
> http://www.ja-sig.org/wiki/display/CASC/CAS+Client+for+Java+3.1
>
> It explains the basic differences between the 3.0 client and the 3.1client and includes documentation on how to use it.
>
> One thing that isn't detailed is the things left out (for now):
> * uPortal support.  For the time being users should continue to use what
> is included in the uPortal 2.x releases.  uPortal 3 will support Spring
> Security (which will eventually use the new client).
> * DelegatingFilter - It can't be easily supported in the web.xmlconfiguration.  We can include it with a note stating it can only be
> configured through Spring if people think they will use it.
> * Basic Authorization Filters - were people using these?  If so, we can
> offer a simplified version (or just re-include the more complex ones with
> the knowledge that these again require Spring).
>
> Please provide your thoughts on whether the second two are worth including
> as "Spring-only" configuration options.
>
> Thanks
> -Scott
>
> --
> -Scott Battaglia
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
>
> _______________________________________________
> cas-dev mailing list
> cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
>
>
>
> --
> -Scott Battaglia
>
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
> _______________________________________________
> cas-dev mailing list
> cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
>


-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20071116/8b0e8842/attachment-0001.html

More information about the cas-dev mailing list