On Sun, Jan 16, 2011 at 4:17 AM, Moshe Ben Shoham <[email protected] > wrote:
> Hi, > > This is mainly a question to CAS developers. > > CAS-686 was fixed in 3.3.5. I would like to understand the motivation > behind it and maybe override the behavior. > > 1. Why should a user be logged out of an application just because the CAS > ticket expired, which is actually just because he/she did not login to > another application? in the JIRA issue itself ( > https://issues.jasig.org/browse/CAS-686?page=com.atlassian.jira.plugin.system.issuetabpanels:changehistory-tabpanel#issue-tabs) > it is mentioned that this behavior may not be appropriate to all systems, > yet it was decided to implement it without an apparent way to override it. > Why? > The typical thinking is that if a long-lived ticket has no longer been used, there is a high likelihood the user has walked away. I can see however, how that might not be ideal for some people. > 2. How can I override this behavior? I do not see it is configurable in any > way. I can maybe extend TicketGrantingTicketImpl and implement expire() such > that it does not invoke logOutOfServices(), but I do not see where I can > configure CAS to use my implementation. > > Its relatively easy to disable all single log out requests. If you'd just like to disable it from the registry cleaner, open a ticket and I'll get the flag to enable/disable into CAS 3.4.6. Cheers, Scott > Thanks in Advance, > Moshe > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
