On Thu, 2 Jun 2011, Madhavi Polisetty wrote:
Hi,
In my CAS setup, I will have my TGT expiration set to a very high value
like may be like 1day or something like that.
The idea is, I want the TGT to be destroyed when one of the following
happens.
1. the user of the client application clicks on logout
This I will achieve by proving a link to https://casserver/cas/logout
in the header of every page as "LOGOUT". Upon clicking this, the logout
event of the CAS server will destroy the TGT and also issue SAML
requests to the other clients to invalidate their sessions. Unless I
have any flaws in my understanding,I am thinking I have this figured
out.
2. When the user of the client application leaves the application idle
long enough to expire the client application session.
My plan for this is, there should be something like sessionlistener
listening to the session on the client app and as and when the session
expired, it should make a request to the CAS server logout URL.
The plan looks simple but I am not able to figure out how to do this.
I need help in implementing what I have listed above or any other way to
achieve the same effect.
When the user of the client application has been idle too long, and they
click/reload the page, invalidate your app session and redirect them to
the CAS logout page.
Andy
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
