Hi all,
I want a remote CAS to log me out (on the remote CAS server) when I log out from
my local CAS.
The story is that the remote CAS trusts my local CAS, so I have been
successfully authenticated by a remote CAS based on my authenticated status at
a home (local) CAS.
Now what I want to do is when I log out from my local CAS, in addition to
logging me out here, I want to send some message to the trusting remote CAS
server to end my authenticated status there.
Something like:
https://localCAS/logout&https://remoteCAS/logout
I thought of the following sequence of events:
1. I am logged out successfully from my local CAS
2. A request to log me out is sent to the remote CAS
3. the remote CAS asks my CAS: is he (really) logged out?
4. my CAS server says: user is logged in no more (but does not tell who "user"
is)
5. then the remote CAS logs me out
Trouble:
Some work has been done to get a locally authenticated user trusted by the
remote CAS with the help of a convenient user registry on the remote end. A
successful authentication at the local CAS provides the remote CAS a username
and we used that username and a previously stored "id" to authenticate that
user.
But in the case of logging out, in #3 above, the remote CAS will NOT receive
any username (because the user will have already logged out), so a database
search to check authenticity would not be possible.
The remoteCAS cannot and should not trust if somebody just says "logout
thisUser", right?
Can someone give me some pointers? I will read documents (if there are any!),
but it would be better to start with something in mind rather than with nothing.
Someone may have had a similar use case and/or have some idea, even if not fully
implemented/explored.
I just thought while writing this message: would it be possible to send a
remote logout request first, wait for the remote CAS to make inquiries, and
wait a few seconds, and proceed to log out from the local server?
At least until I hear some comments, I want to search in this direction.
Cheers.
--o0o--
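
The five-step sequence in the message above, modelled as an added example (not part of the original post and not CAS code). It assumes the remote CAS stored an opaque per-login handle when it accepted the login, so the logout check needs no username; the class names, the handle and the return strings are hypothetical.

```python
import secrets

class LocalCAS:
    """Home CAS: owns the real session. Hypothetical model, not the CAS API."""
    def __init__(self):
        self.live = {}                       # opaque handle -> username (kept local)

    def login(self, username):
        handle = secrets.token_urlsafe(16)   # unguessable, carries no identity
        self.live[handle] = username
        return handle                        # handed to the remote CAS at login

    def is_live(self, handle):
        # Steps 3-4: answer yes/no for a handle, never naming the user.
        return handle in self.live

    def logout(self, handle, remotes):
        self.live.pop(handle, None)                          # step 1
        return [r.logout_request(handle) for r in remotes]   # step 2

class RemoteCAS:
    """Trusting CAS: keys its own session on the handle seen at login."""
    def __init__(self, home):
        self.home = home
        self.sessions = {}                   # handle -> remote account

    def accept_login(self, handle, remote_user):
        if not self.home.is_live(handle):
            raise PermissionError("home CAS does not vouch for this handle")
        self.sessions[handle] = remote_user

    def logout_request(self, handle):
        if handle not in self.sessions:
            return "unknown"                 # nothing to end, nothing revealed
        if self.home.is_live(handle):        # step 3: ask the home CAS
            return "refused"                 # a bare "log out X" is not trusted
        del self.sessions[handle]            # step 5
        return "logged-out"

def demo():
    home = LocalCAS()
    remote = RemoteCAS(home)
    h = home.login("alice")                  # constructed sample user
    remote.accept_login(h, "alice@remote")
    forged = remote.logout_request(h)        # sent while the home session is live
    guessed = remote.logout_request("not-a-real-handle")
    real = home.logout(h, [remote])          # genuine logout, steps 1-5
    return forged, guessed, real, h in remote.sessions
```

In this model a remote logout request that arrives before the local logout has completed is refused, because the home CAS still reports the handle as live.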