Hi,

Is there any way to do this? In the 2nd login request, the browser sends the user name, the password and the CASTGC cookie to the CAS server. So, how may I customize a class (or configuration) in the CAS server to detect that the login request included a CASTGC cookie and perform logout for the ticket corresponding to that cookie?

On Fri, Oct 11, 2013 at 9:55 PM, Nick Sayer <nsa...@silverspringnet.com> wrote:

> I don't think you can necessarily know that user A has a second session
> as user B. You could compare the source IP addresses (stored as an
> attribute in the Authentication object)... perhaps go through the
> ticketRegistry and find all the TGTs with the same IP address and expire
> and remove them (when you expire a TGT, it will perform single-sign-out,
> which is the best you can do to revoke a session derived from a TGT). But
> that's going to annoy users who are behind a common NAT and thus share the
> same IP address.
>
> ------------------------------
> *From:* Nguyen Dao Ngoc Anh [harryp...@gmail.com]
> *Sent:* Friday, October 11, 2013 3:25 AM
> *To:* cas-dev@lists.jasig.org
> *Subject:* [cas-dev] How to invalidate overrided TGC cookies
>
> Hi guys,
>
> I'm new to CAS and SSO. I'm developing a system that includes multiple
> applications, and I have a problem in the scenario below:
>
> My system has 2 web applications: APP1 and APP2.
>
> I open the login forms of both APP1 and APP2 in 2 different tabs of a
> browser (e.g. Mozilla Firefox) but do not log in yet.
>
> I enter a user name and password on the login form of APP1. CAS validates
> my entered account successfully and redirects the browser to APP1.
>
> Then, I enter another valid account on the login form of APP2. CAS also
> accepts my request and redirects the browser to my APP2.
>
> In this case, the CASTGC cookie from the CAS server for the first account
> is overridden, but my APP1 never knows that the login account
> corresponding to the first login is expired. So, my first account in APP1
> is able to do everything.
>
> My question is how to make CAS expire the overridden CASTGC cookie and
> notify every service of that account (like logging out the account of the
> overridden cookie).
>
> Please give me some suggestions to solve this problem.
>
> Thanks and best regards,
>
> --
> Nguyen Dao Ngoc Anh (Mr.)
>
> email: harryp...@gmail.com <harryp...@gmail.com>
> anh...@live.com
>
> phone: (+84)947265787
>
> --
> You are currently subscribed to cas-dev@lists.jasig.org as:
> nsa...@silverspringnet.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-dev

--
Nguyen Dao Ngoc Anh (Mr.)
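
The two approaches discussed in this thread, as a simplified model added here as an example; it is not CAS code and was not posted by either participant. The `Registry` and `TGT` classes, the user names and the IP address are hypothetical, and the model assumes the CASTGC cookie value is the id of the ticket-granting ticket.

```python
"""Simplified model of a CAS-style ticket registry (constructed; not CAS code)."""
import secrets
from dataclasses import dataclass, field


@dataclass
class TGT:
    principal: str
    source_ip: str
    services: list = field(default_factory=list)  # services given a service ticket


class Registry:
    def __init__(self):
        self.tickets = {}      # TGT id (assumed to be the CASTGC value) -> TGT
        self.logout_sent = []  # (service, principal) single-sign-out notices

    def expire(self, tgt_id):
        """Expire one TGT and notify every service that relied on it."""
        tgt = self.tickets.pop(tgt_id, None)
        if tgt is None:
            return False       # unknown or already expired cookie value: ignore
        self.logout_sent += [(svc, tgt.principal) for svc in tgt.services]
        return True

    def login(self, principal, source_ip, service, presented_tgc=None):
        """Issue a new TGT, first retiring the TGT named by the cookie sent."""
        if presented_tgc is not None:
            self.expire(presented_tgc)
        tgt_id = "TGT-" + secrets.token_hex(16)
        self.tickets[tgt_id] = TGT(principal, source_ip, [service])
        return tgt_id

    def expire_by_ip(self, source_ip):
        """The IP-matching alternative: expires every TGT from that address."""
        ids = [i for i, t in self.tickets.items() if t.source_ip == source_ip]
        return [i for i in ids if self.expire(i)]


def demo():
    reg = Registry()
    nat = "203.0.113.7"                      # constructed shared NAT address
    other = reg.login("carol", nat, "APP1")  # unrelated user behind the same NAT
    first = reg.login("alice", nat, "APP1")  # tab 1
    second = reg.login("bob", nat, "APP2", presented_tgc=first)  # tab 2, same browser
    by_cookie = list(reg.logout_sent)        # only the overridden session is notified
    by_ip = reg.expire_by_ip(nat)            # also removes carol's and bob's TGTs
    return by_cookie, sorted(by_ip) == sorted([other, second]), first in reg.tickets
```

Keying the expiry on the presented cookie touches only the session that the new login replaces, while matching on source IP also ends the sessions of other users behind the same NAT.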