Hi all, I'm cassifying a little php application (dealing with schools), which is using many databases (in fact one database for one school). Single sign-on is OK, all is working fine on that side, but i'm having problem with Single Sign-Out.
The problem is that when my application receives the CAS POST logout request, my application can't know in which database the session (corresponding to the session_id provided by the logout Request) must be deleted. (because each school has a database, with a table containing the sessions). I hope i'm clear enough for you to understand. So, i see 3 solutions, and i hope you will be able to help me : - The better solution in my opinion would be to send an information to CAS at login (for example the ID of the concerned school), and that CAS could be able to send it back in the logout request (as an attribute in saml...). Can you tell me if CAS provides such a mecanism to add attributes to the global logout request ? (After browsing CAS Wiki... it's seems not... but I would prefer to have your confirmation) - Another solution should be to store, in a common database, the ST Ticket and the database where the corresponding session has been stored. - The last solution should be to do the same thing on a temp directory on the disk, but i think it's not a good idea for performance reasons. After another reflexion, i see another, maybe better solution : - store the sessions in a separate common database... (but i must consider if there are no security problem this way...) Thank you for your help and suggestions, Regards, Thomas. -- View this message in context: http://n4.nabble.com/Question-Problem-about-Single-Sign-Out-tp622663p622663.html Sent from the CAS Users mailing list archive at Nabble.com. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
