sso authentication process
Luk Claes
luk.claes at ugent.be
Thu Mar 8 08:45:03 EST 2007
Quoting John Fereira <jaf30 at cornell.edu>:
> Scott Battaglia wrote:
>> CAS 3 does not currently support single sign out. CAS 3.1 will
>> support single sign out. Though, I'm not sure if we would support
>> the scenario where logging out of one particular application logged
>> you out of everything (or even notified other applications).
>>
>> Our initial scenario would probably be if your CAS session timed out
>> or you explicitly logged out of CAS it would notify all applications
>> from that CAS session.
>>
>> But again, we haven't finalized everything yet so we are interested
>> in feedback.
> I am curious about you're think about how this would be implemented.
> The suggestion that CAS could send a message to a message queue would
> seem to work, but every application that wanted to participate in
> single signout would have to implement a message queue listener.
> I've played around a bit with Apache ActiveMQ and that would seem to
> work.
>
> I suppose another option would be to provide a "signout action url"
> that would get registered in CAS when an application calls the CAS
> login action.
The advantage of this signout action url is that it's very flexible and can
easily be implemented/used by all applications.
Cheers
Luk
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Luk Claes e-mail: Luk.Claes at UGent.be
Directie ICT Afdeling ICT-Toepassingen Groep ICT-projecten
Universiteit Gent fax: +32 9 264 4994
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
More information about the cas
mailing list