Single Sign Out and the Service Registry
Scott Battaglia
scott.battaglia at gmail.com
Sun Jun 10 13:48:22 EDT 2007
Dusty,

You're on the technological bleeding edge and I haven't had time to document
anything yet! :-)

The Services Management tool is not required for Single Log Out. We're
going to assume the logout URL is the same as the service URL (this, as you
said, makes things easy and minimizes CAS configuration).

The Services Management stuff is for restricting access to CAS. CAS assumes
it will be there and that it will always return some value. However, you'll
notice that the ServicesManager class will always return a dummy
RegisteredService with full access if there are no entries in the database.
So instead of replacing the ServicesManagerImpl, you should provide it with
a dummy ServicesRegistryDao that doesn't go to a database (it's what we do in
test). You could also merely leave it where it is. You'll just have some
extra libraries around ;-)

Hope that helps. I hope to start documenting this and the OpenId support
sometime this week.

-Scott

On 6/8/07, Dusty Burwell <ascalonx at gmail.com> wrote:
>
> I was curious if the implementation of single sign out that will be
> incorporated into CAS 3.1 is going to rely on the ServiceManager/service
> registry? I started thinking about it as I was playing with the 3.1-m3
> release and trying to rip out the service registry. It seems to be a
> feature that isn't necessary for my needs, if it's what I think it is,
> anyway. I, at first, thought that it was just an access restriction tool,
> but then I got to thinking:
>
> Will one need to register all the services that will be CASified in order
> for single sign out to work? This seems to go against one of the key
> things that drew me to CAS, its open,
> anyone-who-casifies-their-app-can-access nature.
>
> Or is it that, as a user signs into CASified apps an entry will be added
> to the registry so that CAS knows to notify those apps that have been
> signed into of a sign out? This seems more like the way I would expect it
> to work.
>
> Finally, if the service registry is merely for maintaining access
> restriction and has no bearing on SSOut, is there an easy way to pull it
> out w/o breaking anything (I really don't want to have to rely on all
> those hibernate libs if I don't need to). I tried just taking it out of
> the applicationContext.xml, but it needs to be non-null for the
> centralAuthenticationService bean. Then I just made a dummy implementation
> of the ServiceManager interface that does nothing and stuck it in there.
> But, that made my login page not do anything.
>
> Any ideas?
>
> Thanks,
> Dusty Burwell
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia