Off-line proxy authentication

Andrew Ralph Feller, afelle1 afelle1 at lsu.edu
Mon Oct 6 08:55:01 EDT 2008 

Scott,

While digging through the CAS 3.2.1 branch looking into the registry and
related things, I noticed that the ticket registry cleaners simply look for
expired tickets and remove them from the registry.  Please excuse me if I am
missing something, but shouldn¹t expired tickets¹ expire() method be called
to ensure users are logged out of applications?  The
destroyTicketGrantingTicket() method in CentralAuthenticationServiceImpl is
the only place I can see where sign out requests are made.

Thanks,
Andrew


On 10/4/08 11:37 AM, "Scott Battaglia" <scott.battaglia at gmail.com> wrote:

> Tickets will be either removed or expired when a user explicitly logs out of a
> system (or the Expiration Policy is reached).  We don't have any services here
> at Rutgers that I'm aware of that act on behalf of the user if the user isn't
> around.
> 
> -Scott
> 
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
> 
> 
> On Fri, Oct 3, 2008 at 10:27 AM, Andrew Ralph Feller, afelle1
> <afelle1 at lsu.edu> wrote:
>> We are investigating a new process management tool that interacts with
>> services (via HTTP, SOAP, RMI, etc) and the question came up how it would
>> play with CAS.  In the case it accesses a CAS protected service, the problem
>> is that the process management tool will perform some task on behalf of the
>> user that has already logged off of CAS.  I haven't dug into the ticket
>> registry cleaner code yet, however I am sure that proxy tickets are removed
>> upon a user signing out of CAS.
>> 
>> Has anyone encountered this situation?  If so, then how have you handled
>> this?
>> 
>> Thank you,
>> Andrew

-- 
Andrew R. Feller, Analyst
Information Technology Services
200 Fred Frey Building
Louisiana State University
Baton Rouge, LA 70803
(225) 578-3737 (Office)
(225) 578-6400 (Fax)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20081006/4dcfe12f/attachment.html

More information about the cas mailing list