> > > > Is there any way that I can manually expire TGTs for users that are > expired based on the user expiry date/time? It's my understanding that CAS > will automatically send out logout messages to registered services after a > user manually logs out. I can handle these messages in those services, but > I'm not sure how to initiate the process manually for an expired user. >
This might help: https://apereo.github.io/cas/development/installation/Configuring-SSO-Session-Cookie.html#administrative-endpoints See "ssoSessions". You could design it as an out-of-band process to fetch the user id for the expired account, locate the TGT for that user id, and send it as a DELETE op to that endpoint, to initiate SLO...or catch the "user is expired" error somewhere in the webflow from the handler and do the same there. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/61d5495f-3aa6-4fe5-8ff3-88b800ec3869%40apereo.org.
