On May 29, 2013, at 11:05 AM, Marvin Addison <[email protected]> wrote:

> It just occurs to me that strictly speaking we already have support for the
> latter. The RESTful API exposes the following method:
>
> public void destroyTicketGrantingTicket(final String ticketGrantingTicketId)
> {...}

The REST API sounds promising, though for the case I had in mind, being able to identify and invalidate TGT(s) by principal name would be best. Optionally, perform 'logout' callbacks to registered services.

Given warnings on the corresponding web page, we might consider deploying an additional node in the CAS cluster, not exposed to the outside world (cf. load balancer), whose principal purpose would be to expose the API to security apps (kind of a waste of resources tho'). That, or protect the API paths using e.g. public key.

Tom.
