By far the least "chatty" method of implementing this, meaning "I want my app to terminate its session once the user logs out of CAS," is to implement CAS Single Sign-Out. CAS notifies all services that received a service ticket once the user has signed out (http://www.ja-sig.org/wiki/display/CASUM/Single+Sign+Out).
This way your application does not have to query CAS or perform countless ticket validations. Adam Dallas wrote: > Hi Rolly, thanks for the comments > > Well right... I wouldn't ping ldap to manage my session either ;-) > > But to my mind hitting CAS is not equivalent to hitting my ldap server. My > view is that as a service application the CAS client/server combo abstracts > away the underlying persistence backend(s) and provides me an API that > allows me to mange a specific aspect (e.g. authentication) of user's access > to, and usage of, my systems. > > I agree that doing something along the lines of what is being discussed > could get chatty if misused/abused, but as you suggested, something along > the lines of a periodic check at a reasonable frequency (factoring in peak > concurrent usage, number of page hits, average time on page, etc) would > probably be sufficient to prevent serious performance hits. > > At this point in time we have not settled on an approach, and using CAS for > this stuff may not be the right thing to do, but we are exploring this as an > option. > > > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
<<attachment: arybicki.vcf>>
