Off-line proxy authentication
Scott Battaglia
scott.battaglia at gmail.com
Mon Oct 6 09:37:57 EDT 2008
On Mon, Oct 6, 2008 at 7:55 AM, Andrew Ralph Feller, afelle1 <
afelle1 at lsu.edu> wrote:
> Scott,
>
> While digging through the CAS 3.2.1 branch looking into the registry and
> related things, I noticed that the ticket registry cleaners simply look for
> expired tickets and remove them from the registry. Please excuse me if I am
> missing something, but shouldn't expired tickets' expire() method be called
> to ensure users are logged out of applications? The
> destroyTicketGrantingTicket() method in CentralAuthenticationServiceImpl is
> the only place I can see where sign out requests are made.
>
Tickets can either be expired explicitly (i.e. expire()) or via some form of
timeout configured with the expiration policy. With the expiration policy
it will automatically realize if its expired (though we do have an open bug
related to single sign out and the automatic expiration).
-Scott
>
> Thanks,
> Andrew
>
>
> On 10/4/08 11:37 AM, "Scott Battaglia" <scott.battaglia at gmail.com> wrote:
>
> Tickets will be either removed or expired when a user explicitly logs out
> of a system (or the Expiration Policy is reached). We don't have any
> services here at Rutgers that I'm aware of that act on behalf of the user if
> the user isn't around.
>
> -Scott
>
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
>
> On Fri, Oct 3, 2008 at 10:27 AM, Andrew Ralph Feller, afelle1 <
> afelle1 at lsu.edu> wrote:
>
> We are investigating a new process management tool that interacts with
> services (via HTTP, SOAP, RMI, etc) and the question came up how it would
> play with CAS. In the case it accesses a CAS protected service, the problem
> is that the process management tool will perform some task on behalf of the
> user that has already logged off of CAS. I haven't dug into the ticket
> registry cleaner code yet, however I am sure that proxy tickets are removed
> upon a user signing out of CAS.
>
> Has anyone encountered this situation? If so, then how have you handled
> this?
>
> Thank you,
> Andrew
>
>
> --
> Andrew R. Feller, Analyst
> Information Technology Services
> 200 Fred Frey Building
> Louisiana State University
> Baton Rouge, LA 70803
> (225) 578-3737 (Office)
> (225) 578-6400 (Fax)
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20081006/3884e0de/attachment.html
More information about the cas
mailing list