Hi all, 

I'm cassifying a little php application (dealing with schools), which is
using many databases (in fact one database for one school). Single sign-on
is OK, all is working fine on that side, but i'm having problem with Single
Sign-Out. 

The problem is that when my application receives the CAS POST logout
request, my application can't know in which database the session
(corresponding to the session_id provided by the logout Request) must be
deleted. (because each school has a database, with a table containing the
sessions). 

I hope i'm clear enough for you to understand. 

So, i see 3 solutions, and i hope you will be able to help me : 

   - The better solution in my opinion would be to send an information to
CAS at login (for example the ID of the concerned school), and that CAS
could be able to send it back in the logout request (as an attribute in
saml...). Can you tell me if CAS provides such a mecanism to add attributes
to the global logout request ? (After browsing CAS Wiki... it's seems not...
but I would prefer to have your confirmation) 

   - Another solution should be to store, in a common database, the ST
Ticket and the database where the corresponding session has been stored. 

   - The last solution should be to do the same thing on a temp directory on
the disk, but i think it's not a good idea for performance reasons. 

After another reflexion, i see another, maybe better solution : 
   - store the sessions in a separate common database... (but i must
consider if there are no security problem this way...)

Thank you for your help and suggestions, 

Regards, 

Thomas.
-- 
View this message in context: 
http://n4.nabble.com/Question-Problem-about-Single-Sign-Out-tp622663p622663.html
Sent from the CAS Users mailing list archive at Nabble.com.

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to