Hi Madhavi, On Jun 2, 2011, at 7:14 PM, Madhavi Polisetty wrote:
> I just want to make one more point here. The CAS setup we have will > authenticate the user who can access resources any of the 3 applications in > any order. > > In short, while the user is actively working on any one of the applications > the TGT should stay alive. > > If the user let all the opened sessions timeout, then the TGT should be > destroyed to avoid misuse of the browser window > > Any responses ideas on this would be greatly appreciated. This is the behavior we wanted at my institution as well. It is not supported out of the box in the JA-SIG CAS Server (or any of the CAS server implementations we tried). We came up with this scheme: * Modify the JA-SIG CAS server such that TGTs are extended when a PT is requested from any related PGT. (Out of the box, the TGT is only extended when an ST is requested.) * Modify applications to issue a PT request when the user is active and the CAS session will soon expire. * Set the CAS session and application session durations to be the same. We've done the first part (which has other benefits too -- it means that a user will continue to be able to use proxy-authenticated services so long as she is active in the application, even if the TGT would have otherwise expired), but not the second part. I'm planning on releasing the JA-SIG server extensions that enable the first part, but I haven't had time to document how to use them yet. Rhett > > Thanks > Madhavi > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
