SV: Invalidate all sessions for a user identity

Pål Axelsson Pal.Axelsson at its.uu.se
Tue Jan 20 19:19:53 EST 2009


Hi again,

The backend for CAS is of course handled on occasions as described, and
applications that support Single Sign Off are too few. A lot of them, on the
other hand, "recasify" the user now and then to check that the session is
still valid. So what we want to do is to invalidate all sessions for a
specific user identity, together with a single sign off request for every
session.

/Pål

-----Original Message-----
From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] On Behalf Of
William G. Thompson, Jr.
Sent: 20 January 2009 19:54
To: Yale CAS mailing list
Subject: Re: Invalidate all sessions for a user identity

Pål,

Can you be more specific regarding the "active sessions"?  Are these
application sessions that have been created after a user has been
authenticated via CAS?

If the credentials are known to be compromised (social engineering or
otherwise) you'd want to prevent further use of them, likely by
controlling them at the primary authentication source (LDAP, Kerberos,
etc).

If you have deployed Single Sign Out, you could potentially customize
CAS with an administrative feature that would call out to active
application sessions and log off a specified user.  Out of the box
this is not available.

Bill
--
William G. Thompson, Jr.
Senior Technologist - Development Information Systems
Office of Development, Princeton University
voice: 609.258.2655 | wthompso at princeton.edu


On Tue, Jan 20, 2009 at 10:08 AM, Pål Axelsson <Pal.Axelsson at its.uu.se>
wrote:
> Hi,
>
>
>
> Our IRT team has come up with a question that I can't find the answer for.
>
>
>
> Is it possible to invalidate all active sessions for a specific user
> identity?
>
>
>
> If one of our users' accounts is hijacked, for example by social engineering,
> we want to remove all active sessions for that user identity in a simple and
> controlled way. Is that possible?
>
>
>
> Pål Axelsson
>
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
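An added illustration of the administrative feature Bill describes (it is not part of the thread and not CAS's own code): for one user identity, drop every ticket-granting ticket and build the back-channel Single Sign Out request for each service session issued under it. The in-memory REGISTRY, its ticket ids and the example.org URLs are constructed stand-ins for a real ticket registry; the XML follows the CAS Single Sign Out LogoutRequest format, sent as the form parameter logoutRequest.

```python
import uuid
from datetime import datetime, timezone
from urllib.parse import urlencode
from xml.sax.saxutils import escape

# Constructed stand-in for a ticket registry (assumption, not a CAS API):
# TGT id -> principal and the (service URL, service ticket) pairs issued under it.
REGISTRY = {
    "TGT-1-example": {"user": "alice", "services": [
        ("https://app1.example.org/", "ST-11-example"),
        ("https://app2.example.org/", "ST-12-example")]},
    "TGT-2-example": {"user": "bob", "services": [
        ("https://app1.example.org/", "ST-21-example")]},
    "TGT-3-example": {"user": "alice", "services": [
        ("https://wiki.example.org/", "ST-31-example")]},
}

def logout_request(service_ticket):
    """Build the LogoutRequest that identifies one application session."""
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return (
        '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        f'ID="LR-{uuid.uuid4()}" Version="2.0" IssueInstant="{now}">'
        '<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        '@NOT_USED@</saml:NameID>'
        f'<samlp:SessionIndex>{escape(service_ticket)}</samlp:SessionIndex>'
        '</samlp:LogoutRequest>')

def invalidate_user(registry, user):
    """Remove every TGT held by `user`; return (url, form body) POSTs to send."""
    posts = []
    # Snapshot the matching ids first: the registry is mutated in the loop.
    for tgt in [t for t, s in registry.items() if s["user"] == user]:
        session = registry.pop(tgt)  # this SSO session can no longer mint tickets
        for url, st in session["services"]:
            body = urlencode({"logoutRequest": logout_request(st)})
            posts.append((url, body))
    return posts

if __name__ == "__main__":
    for url, body in invalidate_user(REGISTRY, "alice"):
        print(url, len(body), "bytes to POST")
```

The POSTs are returned rather than sent so the block runs offline; only applications that implement Single Sign Out will act on them.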