Hi,
In my CAS setup, I will have my TGT expiration set to a very high value like
may be like 1day or something like that.
The idea is, I want the TGT to be destroyed when one of the following happens.
1. the user of the client application clicks on logout
This I will achieve by proving a link to https://casserver/cas/logout in
the header of every page as "LOGOUT". Upon clicking this, the logout event of
the CAS server will destroy the TGT and also issue SAML requests to the other
clients to invalidate their sessions. Unless I have any flaws in my
understanding,I am thinking I have this figured out.
2. When the user of the client application leaves the application idle long
enough to expire the client application session.
My plan for this is, there should be something like sessionlistener listening
to the session on the client app and as and when the session expired, it should
make a request to the CAS server logout URL.
The plan looks simple but I am not able to figure out how to do this. I need
help in implementing what I have listed above or any other way to achieve the
same effect.
I greatly appreciate any help on this.
Thanks
Madhavi
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
