SSO Inactivity Timeout
Scott Battaglia
scott.battaglia at gmail.com
Wed Nov 1 09:51:18 EST 2006
You could, but it's not necessary, because once the ticket itself is expired
the cookie is invalid (as an attempt to retrieve the ticket by id would
fail), and the next time you log in the old cookie would be replaced.
-Scott
On 11/1/06, nick.maiorana at wachovia.com <nick.maiorana at wachovia.com> wrote:
>
>
> Yeah, that's what we were thinking. For a true inactivity invalidation,
> we may have to employ some sort of agent or supplicant on the client
> workstations that clear the SSO cookie.
>
> Thanks.
>
> ------------------------------
> *Nick Maiorana*
> Technology, Architecture and Business Services
> J2EE Components and Services
> nick.maiorana at wachovia.com
> Phone: 704-427-1923
> Pager: 888-739-0534 or nick.maiorana at my2way.com
>
> *Confidentiality Statement:*
> "The information contained in this electronic message is confidential,
> proprietary, and intended only for the use of the owner of the e-mail
> address listed as the recipient of this message. If you are not the intended
> recipient, or the employee or agent responsible for delivering this message
> to the intended recipient, you are hereby notified that any disclosure,
> dissemination, distribution, copying of this communication, or unauthorized
> use is strictly prohibited and subject to prosecution to the fullest extent
> of the law! If you are not the intended recipient, please delete this
> electronic message and DO NOT ACT UPON, FORWARD, COPY OR OTHERWISE
> DISSEMINATE IT OR ITS CONTENTS."
>
>
> *"Scott Battaglia" <scott.battaglia at gmail.com>*
> Sent by: cas-bounces at tp.its.yale.edu
> 10/31/2006 09:31 AM
> Please respond to: Yale CAS mailing list <cas at tp.its.yale.edu>
> To: "Yale CAS mailing list" <cas at tp.its.yale.edu>
> Subject: Re: SSO Inactivity Timeout
>
> The cookie is merely a pointer to the actual Ticket. Expiring the ticket
> has the same effect as expiring the cookie, and it's actually easier to do.
> Your only other option is to modify the login flow itself to check the
> cookie.
>
> -Scott
>
> On 10/31/06, nick.maiorana at wachovia.com <nick.maiorana at wachovia.com> wrote:
>
> Thanks for your reply.
>
> We are looking for a way to invalidate the SSO Cookie if the user has not
> had any keyboard/mouse activity (or at a minimum, browser activity) for a
> set amount of time. So this is more of an inactivity time for the user
> rather than an expiration time for the ticket.
>
>
> *"Scott Battaglia" <scott.battaglia at gmail.com>*
> Sent by: cas-bounces at tp.its.yale.edu
> 10/30/2006 11:49 AM
> Please respond to: Yale CAS mailing list <cas at tp.its.yale.edu>
> To: "Yale CAS mailing list" <cas at tp.its.yale.edu>
> Subject: Re: SSO Inactivity Timeout
>
> Nick,
>
> CAS supports the notion of Expiration Policies. Example policies include
> # of uses or "a ticket is only valid for X amount of time." You can write
> an "inactivity policy" and configure CAS to use that.
>
> http://developer.ja-sig.org/projects/cas/multiproject/cas-server/apidocs/org/jasig/cas/ticket/ExpirationPolicy.html
>
> http://developer.ja-sig.org/projects/cas/multiproject/cas-server/apidocs/org/jasig/cas/ticket/TicketState.html
>
> -Scott
>
>
> On 10/30/06, nick.maiorana at wachovia.com <nick.maiorana at wachovia.com> wrote:
>
> Are there any hooks into determining a user's inactivity on his machine to
> invalidate the SSO token?
>
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
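
The behaviour discussed in this thread (an expiration policy keyed on the time a ticket was last used, with the cookie acting only as a pointer to that ticket) can be modelled as follows. This is an added example, not code from the thread or from CAS: `Ticket`, `InactivityPolicy` and `Registry` are hypothetical stand-ins rather than the CAS `ExpirationPolicy`/`TicketState` interfaces, and the 15-minute limit and the ticket id are constructed values.

```java
import java.util.HashMap;
import java.util.Map;

public class InactivityTimeoutDemo {
    // Hypothetical stand-in for the server-side ticket; not a CAS class.
    static final class Ticket {
        final String id;
        long lastUsedMillis;
        Ticket(String id, long now) { this.id = id; this.lastUsedMillis = now; }
    }

    // Expired once the ticket has gone unused for maxIdleMillis or longer.
    static final class InactivityPolicy {
        private final long maxIdleMillis;
        InactivityPolicy(long maxIdleMillis) { this.maxIdleMillis = maxIdleMillis; }
        boolean isExpired(Ticket t, long now) {
            return t == null || now - t.lastUsedMillis >= maxIdleMillis;
        }
    }

    // The cookie value is only the ticket id; validity is decided here.
    static final class Registry {
        private final Map<String, Ticket> tickets = new HashMap<>();
        private final InactivityPolicy policy;
        Registry(InactivityPolicy policy) { this.policy = policy; }
        void add(Ticket t) { tickets.put(t.id, t); }
        Ticket resolve(String cookieValue, long now) {
            Ticket t = tickets.get(cookieValue);
            if (t == null) return null;              // unknown or already removed
            if (policy.isExpired(t, now)) {          // idle too long: drop it
                tickets.remove(cookieValue);
                return null;
            }
            t.lastUsedMillis = now;                  // each use restarts the idle clock
            return t;
        }
    }

    public static void main(String[] args) {
        final long MIN = 60_000L;
        Registry registry = new Registry(new InactivityPolicy(15 * MIN));
        String cookie = "TGT-constructed-example";   // constructed sample id
        registry.add(new Ticket(cookie, 0));
        System.out.println("t=10m valid: " + (registry.resolve(cookie, 10 * MIN) != null));
        System.out.println("t=20m valid: " + (registry.resolve(cookie, 20 * MIN) != null));
        System.out.println("t=40m valid: " + (registry.resolve(cookie, 40 * MIN) != null));
        System.out.println("t=41m valid: " + (registry.resolve(cookie, 41 * MIN) != null));
    }
}
```

In this model the idle clock moves only when the cookie is presented to the server, so it measures inactivity toward the SSO server rather than keyboard or mouse activity on the workstation. After the 40-minute lookup fails, the same cookie value stays unusable even though the browser may still hold it.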