Giuseppe Sollazzo
Tue, 09 Mar 2010 01:43:36 -0800
Eirik Schwenke wrote:
<end-of-day-off-topic-rant>The above (varying levels of IT competence) is *exactly* why Single Sign On without Single Sign Out is always going to be a huge security issue.I think the general reason for requiring Single Sign Out via a global portal is that most "enterprise" system is horrible, broken insecure crap -- and the contractors couldn't be bothered to care about security of the sytems involved, or read enough of a spec to be able to actually *provide* single sign out...</rant>
Lol :-)Really, the fact is that I *do* share this view. Unfortunately, I can only point out this - as I did when we started the SSO project - to the people who take decisions.
Thanks for the suggestions. Just one more thing...
No, actually what I've been requested to do is to implement just a single Sign On to be a single entry point for all our webapps. The idea is that SSout is "automatic" when someone disconnects from the corporate network, whereas SSon can be performed by any of the webapps (different users initiate their sessions in different ways).I guess the reason why you'd want this is because you've given up on single sign on, and use CAS simply as a way to synchronize login names and passwords across several servers. I guess this is fine -- it's just a bit different from what CAS really is intended to do.
No more rants for today :-) Best, G -- ____________________________________ Giuseppe Sollazzo Systems developer and administrator Computing Services Information Services St. George's, University Of London Cranmer Terrace London SW17 0RE Email: gsoll...@sgul.ac.uk Direct Dial: +44 20 8725 5160Fax: +44 20 8725 3583
-- You received this message because you are subscribed to the Google Groups "Trac Users" group. To post to this group, send email to trac-us...@googlegroups.com. To unsubscribe from this group, send email to trac-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/trac-users?hl=en.