I have read several posts regarding situations where a user might log into an SSO-enabled application (webappA) that has an inactivity timeout that is less than the SSO session timeout. When the application session expires, one of the recommendations I've seen for forcing the user to re-enter their credentials is to set the renew=true parameters. However, I'm not quite certain how that would work:
Setting those parameters unconditionally means we no longer have single sign-on, correct? If the user first accesses another SSO-enabled application (webappB), then navigates to webappA, the renew=true parameters configured for logging into webappA would force the user to re-authenticate. So that would defeat the purpose of having single sign-on.

Unless the idea was to set those parameters only when we know the application session has timed out? How could that be done?

Any help would be greatly appreciated. Thanks!

--
View this message in context: http://jasig.275507.n4.nabble.com/SSO-and-application-timeout-tp2246670p2246670.html
Sent from the CAS Users mailing list archive at Nabble.com.
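One way to send renew=true only after an application timeout, as an added example that is not part of the original post or of any CAS client library. The host names, the WebappA class, its owes_renew set and the fake_validate stand-in for the CAS server are all hypothetical; only the /login and /serviceValidate endpoints and their service, ticket and renew parameters come from the CAS protocol.

```python
from urllib.parse import urlencode, urlparse, parse_qs

CAS = "https://cas.example.org/cas"        # assumed CAS server
SERVICE = "https://webappa.example.org/"   # assumed webappA service URL

def cas_url(endpoint, renew, **extra):
    """Build a CAS URL; renew=true is appended only when asked for."""
    params = {"service": SERVICE, **extra}
    if renew:
        params["renew"] = "true"
    return f"{CAS}/{endpoint}?{urlencode(params)}"

class WebappA:
    def __init__(self, validate):
        self.validate = validate   # callable(url) -> username or None
        self.owes_renew = set()    # server-side: users whose webappA session idled out

    def on_session_timeout(self, user):
        self.owes_renew.add(user)  # call from the session-expiry hook

    def handle_ticket(self, ticket, asked_renew):
        """asked_renew: flag kept server-side once this browser was sent to
        /login with renew=true, so validation uses the same setting."""
        user = self.validate(cas_url("serviceValidate", asked_renew, ticket=ticket))
        if user is None:
            return ("redirect", cas_url("login", asked_renew))
        if user in self.owes_renew and not asked_renew:
            # SSO-issued ticket for a user who idled out here: demand credentials.
            return ("redirect", cas_url("login", True))
        self.owes_renew.discard(user)
        return ("session", user)

# Constructed stand-in for CAS: ticket -> (user, issued from primary credentials?)
TICKETS = {"ST-1": ("alice", False), "ST-2": ("alice", True),
           "ST-3": ("bob", False), "ST-4": ("alice", False)}

def fake_validate(url):
    q = parse_qs(urlparse(url).query)
    user, fresh = TICKETS.get(q["ticket"][0], (None, False))
    if q.get("renew") == ["true"] and not fresh:
        return None                # under renew, SSO-issued tickets are rejected
    return user
```

Users arriving from webappB still get plain single sign-on; only a user recorded in owes_renew is bounced to the credential prompt, and the record is cleared once a renew-validated ticket comes back. In a clustered deployment the owes_renew record would need to live in shared storage.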
