> Applications also > know STs which are needed to logout user on CAS logoutRequest. > We loop through applications links and question them for user’s > last-click-time.
If I understand correctly, this interrogation is happening at the CAS server. I'm very curious to know how you are obtaining last-click time from service tickets. In standard CAS client/server workflows, the ticket is used exactly once to obtain entry in the application initially. I suppose you could force round-trips to CAS on every request in the case of a stateless (with respect to SSO) application that requests/validates a new service ticket on each access, but that is a very unusual scenario. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
