Applications also
know STs which are needed to logout user on CAS logoutRequest.
We loop through applications links and question them for user’s
last-click-time.
Ah.. there is a mistake in above sentence.
Correct should be:
Applications also know TGTs which are needed to logout user on CAS
logoutRequest.
If I understand correctly, this interrogation is happening at the CAS
server.
Yes. It's triggered by normal CAS ticketRegistryCleaner.
I'm very curious to know how you are obtaining last-click
time from service tickets.
I'm obtaining last-click form application.
My ExpirationPolicy class sends POST requests to each application user
have been logged to.
There is one parameter in POST:
lastAccessedTimeRequest=<LastAccessedTimeRequest><SessionIndex>TGT-xx-yyyyyy</SessionIndex></LastAccessedTimeRequest>
Application knows this TGT (in order to handle single-sign-otu) and
should return last-click for this TGT.
Links to applications could be via
ticket.getServices() method of ticketStateObject.
In standard CAS client/server workflows,
the ticket is used exactly once to obtain entry in the application
initially. I suppose you could force round-trips to CAS on every
request in the case of a stateless (with respect to SSO) application
that requests/validates a new service ticket on each access, but that
is a very unusual scenario.
No we use STs in usual way. Sorry for my mistake.
--
Michal Pysz
Information Technology Section
Jagiellonian University
Krakow, Poland
https://login.uj.edu.pl/
http://www.jasig.org/cas/deployments/jagiellonian-university-
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
