Bill, Many Thanks for the Reply.

After a bit more research, it looks like concurrent session control seems to 
do what I'm trying to achieve.
But due to the way our app is deployed (without persistent sessions), it 
looks like it will be almost impossible to include within our application.

Also, I'm guessing that if this was added to the CAS server it wouldn't work, as it 
looks for HTTPSessions and won't take account of TGTs.


It looks like your idea of adjusting the logon flow to take account of existing 
TGTs and then invalidate them seems the best approach.

Would I need to work out what service tickets are valid for each server, or 
would the single sign-out do that for me?
Any idea where I should look to get more details on how the single sign-out 
actually works, to work out what I need to change/recreate?


Thanks for your time.

James Parry

-----Original Message-----
From: William G. Thompson, Jr. [mailto:[email protected]] 
Sent: 28 June 2011 14:51
To: [email protected]
Subject: Re: [cas-user] Cas to limit users to a single authenticated session.

On Mon, Jun 27, 2011 at 9:58 AM, James Parry <[email protected]> wrote:
> Hi All,
>
>
>
> I'm after some brief guidance as to whether anyone has done anything
> like the following.
>
>
>
> We've had a request to only allow a user to be logged in once. Meaning that
> if they log in a second time it invalidates the first logon, kicking them out
> of the system.

In order to achieve this behavior you'll have to deal with the
application sessions.  Your app would have to detect the second login
was from the same user and somehow invalidate the previous application
session.  This has little to do with CAS per se.  And sounds like it
would be difficult to implement given your architecture.

>
> I was wondering if anyone else in the community has adapted CAS to work in
> this manner or is this feature already supported and I've just missed it.

Not that I know of.

You could modify CAS server to detect a second login, kill the
previous TGT and initiate the Single Logout flow based on the initial
TGT.  Not sure if that all lines up though with the current CAS code
base, it may take some deep CAS mods.  And you'd still have the
application session addressability issue for SLO to work.

Best,
Bill


>
>
>
> I'm using 2 clustered CAS servers (Tomcat Session / JPA ticket reg) to allow users
> to authenticate for our own single web application that is distributed over
> about 12 servers, with load balancer sticky sessions to stick a user to a
> single server.
>
>
>
> My main question is would this sort of thing even be possible within CAS or
> is it completely infeasible.
>
> I'm assuming that Service Tickets will just need to be validated far more
> regularly (not just at the start of the user's session on a server) to be
> able to invalidate the initial user's tickets. And ensure that if the user
> logs in a second time I invalidate the original ticket. Would this approach
> work or am I completely off base?
>
>
>
> Many Thanks for any replies. Eagerly awaiting anyone's input.
>
>
>
> James Parry
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user

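The approach discussed in this thread (on a second login, drop the user's previous TGT and send single sign-out messages to the services it granted tickets to) can be modelled as below. This is an added example, not part of the original messages and not CAS code: `SingleSessionRegistry`, `handle_logout` and the shared `sessions_by_st` map are hypothetical names, and the logout message is trimmed to the `SessionIndex` element that carries the service ticket.

```python
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

class SingleSessionRegistry:
    """In-memory stand-in for a CAS ticket registry (hypothetical model)."""

    def __init__(self):
        self.tgt_by_user = {}  # principal -> current TGT id
        self.services = {}     # TGT id -> [(service URL, service ticket)]

    def login(self, user):
        """Issue a new TGT; return it with logout messages for the old one."""
        logouts = []
        old = self.tgt_by_user.pop(user, None)
        if old is not None:
            # The old TGT already records every service it issued a ticket
            # for, so the server side does not need to ask the app nodes.
            for url, st in self.services.pop(old):
                logouts.append((url, logout_request(st)))
        tgt = "TGT-" + secrets.token_hex(8)
        self.tgt_by_user[user] = tgt
        self.services[tgt] = []
        return tgt, logouts

    def grant_service_ticket(self, tgt, url):
        if tgt not in self.services:
            raise KeyError("TGT expired or replaced by a newer login")
        st = "ST-" + secrets.token_hex(8)
        self.services[tgt].append((url, st))
        return st

def logout_request(st):
    """Build the body posted to the service as the 'logoutRequest' parameter."""
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return (f'<samlp:LogoutRequest xmlns:samlp="{SAMLP}" '
            f'ID="LR-{secrets.token_hex(4)}" Version="2.0" IssueInstant="{now}">'
            f'<samlp:SessionIndex>{st}</samlp:SessionIndex>'
            f'</samlp:LogoutRequest>')

def handle_logout(xml_body, sessions_by_st):
    """Application side: end the session that was opened with this ticket.

    sessions_by_st is assumed to be shared by all app nodes, because the
    POST comes from the CAS server and is not bound to the user's sticky node.
    """
    st = ET.fromstring(xml_body).findtext(f"{{{SAMLP}}}SessionIndex")
    return sessions_by_st.pop(st, None)
```

The application only has to remember which service ticket opened which session; if that mapping lives in one node's memory, a logout POST routed to another node finds nothing to invalidate.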