> I have read several posts regarding situations where a user might log into an > SSO-enabled application (webappA) that has an inactivity timeout that is > less than the SSO session timeout.
This is standard practice in an SSO environment; SSO sessions are long-lived, Web application sessions are short-lived. > Setting those parameters [renew=true] unconditionally means we no longer have > single > sign-on, correct? Correct. > Any help would be greatly appreciated. I would recommend you consider carefully what problem you are trying to solve. In an SSO environment it should not be of concern that the SSO session is still active when an application session ends. If you want to attempt to end the SSO session when the Web application session ends, the best you can do is provide a link to the /logout URL on the CAS server in place of an application logout link and enable single sign-out as Tobias mentioned. Note this will not address session timeout cases. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
