Hi, Sorry if I was unclear, but the logout I'm talking about is the CAS logout, which notifies all the applications that the session for the user must be terminated. So the user is logged out from all applications (including the management one). Best regards, Jérôme
2014/1/13 Michael Wechner <[email protected]> > Hi Jérôme > > How do you "notify" the other applications that the user got logged out > from the management application? > > Thanks > > Michael > > Am 13.01.14 16:09, schrieb Jérôme LELEU: > > Hi, > > > > Our way : everytime a user change something in his management > application, > > we display a message like "Your change will be taken into account only > > after logout. Please click this link to logout". And the user is logged > out > > from all applications including the management one. > > Best regards, > > Jérôme > > > > > > > > 2014/1/13 Michael Wechner <[email protected]> > > > >> Hi Jérôme > >> > >> Thanks very much for your feedback. > >> > >> I guess we will logout the user from CAS, but keep the user signed in at > >> the service where he/she changed the ID. > >> But I am not sure yet whether this will have some unexpected > >> side-effects and need to sleep over it :-) > >> > >> Michael > >> > >> Am 13.01.14 14:47, schrieb Jérôme LELEU: > >>> Hi, > >>> > >>> We decided to force users to logout as the "safest and simplest" > solution > >>> for us. > >>> Best regards, > >>> Jérôme > >>> > >>> > >>> > >>> 2014/1/13 Michael Wechner <[email protected]> > >>> > >>>> Hi > >>>> > >>>> We have two services which a user has access to, whereas as login ID > we > >>>> use the email address of the user. > >>>> Since the email address of a user can change, the user can change the > >>>> email address inside the service as follows: > >>>> > >>>> - First the user signs in to the first service (service1) with > >>>> '[email protected]' and changes his/her email inside this service to > >>>> '[email protected]', but which means the email address will also be changed > >> on > >>>> the backend/identity-management, BUT (currently) not inside CAS itself > >>>> > >>>> - The user decides to go to the other service (service2), but because > >>>> the user already has a valid session with CAS, he/she does not have to > >>>> provide the (new) credentials again, but the login request > >>>> > >>>> > >>>> > >> > https://my.cas/cas-server-webapp-3.5.2/login?service=https://service2/index.html > >>>> will return > >>>> > >>>> <?xml version="1.0" encoding="UTF-8"?><cas:serviceResponse > >>>> xmlns:cas="http://www.yale.edu/tp/cas";> > >>>> <cas:authenticationSuccess> > >>>> <cas:user>[email protected]</cas:user> > >>>> > >>>> which means in the case of service2 the user is signed in with the old > >>>> username, which does not work anymore with the backend. > >>>> > >>>> My question is whether there are any recommended ways to handle such a > >>>> situation? At the moment I can see the following possibilities: > >>>> > >>>> - Force logout after the user has changed the email address, and hence > >>>> user has to sign-in again with new email address > >>>> - Update the login ID inside CAS somehow (but I guess that's not > >>>> possible for security reasons) > >>>> - Provide some mapping from old to new email address, such that during > >>>> the same session also the old email is still valid. > >>>> > >>>> I have been searching quite a bit for similar topics, but have not > found > >>>> anything really, hence any hints/feedback is much appreciated. > >>>> > >>>> Thanks > >>>> > >>>> Michael > >>>> > >>>> -- > >>>> You are currently subscribed to [email protected] as: > >>>> [email protected] > >>>> To unsubscribe, change settings or access archives, see > >>>> http://www.ja-sig.org/wiki/display/JSG/cas-user > >>>> > >> > >> -- > >> You are currently subscribed to [email protected] as: > >> [email protected] > >> To unsubscribe, change settings or access archives, see > >> http://www.ja-sig.org/wiki/display/JSG/cas-user > >> > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
