Michaël,
If you know the TGC for the account (from the logs), you can hit the `/logout`
endpoint with the cookie.
Below is a short Python script I use for this purpose:
```python
#! /usr/bin/env python
import urllib
import urllib2
import sys


def make_cookie(k, v):
    # URL-quote the cookie name and value
    return "%s=%s" % (urllib.quote(k), urllib.quote(v))


def run(ticket):
    """
    Request the CAS /logout endpoint, presenting `ticket` as the CASTGC cookie.
    """
    logout_url = 'https://cas.lafayette.edu/cas/logout'
    req = urllib2.Request(logout_url, headers={'Cookie':
        make_cookie('CASTGC', ticket) + ';'})
    try:
        f = urllib2.urlopen(req)
    except Exception as ex:
        print ex
        sys.exit(1)
    f.close()


if __name__ == '__main__':
    argv = sys.argv[1:]
    if len(argv) == 1:
        run(argv[0])
    else:
        print >> sys.stderr, "Usage: %s <TICKET>" % sys.argv[0]
        sys.exit(1)
```
I have this script saved as "zap_ticket.py". I just copy the TGC from the logs
and invoke like:
$ ./zap_ticket.py TGC-REALticketGOEShere
Thanks,
Carl Waldbieser
ITS System Programmer
Lafayette College
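
A Python 3 version of the same approach, added here as an example and not code from this thread, generalized to revoke every TGC logged for one user, since a user may hold several sessions. The log line format, `SAMPLE_LOG`, the function names and the `cas.example.edu` URL are assumptions made for illustration.

```python
import re
import urllib.error
import urllib.parse
import urllib.request

# Constructed sample lines in a hypothetical "user=... ticket=..." format;
# adapt LINE_RE to whatever your CAS log actually writes.
SAMPLE_LOG = """\
2014-08-18 08:02:11 user=jdoe ticket=TGC-1-constructedAAA event=created
2014-08-18 09:40:53 user=asmith ticket=TGC-2-constructedBBB event=created
2014-08-19 17:15:07 user=jdoe ticket=TGC-3-constructedCCC event=created
2014-08-19 17:20:30 user=jdoe ticket=TGC-1-constructedAAA event=used
"""
LINE_RE = re.compile(r"user=(\S+) ticket=(TGC-\S+)")


def tgcs_for_user(log_text, user):
    """Return the distinct TGC values logged for `user`, in first-seen order."""
    seen = []
    for m in LINE_RE.finditer(log_text):
        if m.group(1) == user and m.group(2) not in seen:
            seen.append(m.group(2))
    return seen


def build_logout_request(logout_url, ticket):
    """Build the /logout request carrying the ticket as the CASTGC cookie."""
    cookie = "CASTGC=%s" % urllib.parse.quote(ticket, safe="")
    return urllib.request.Request(logout_url, headers={"Cookie": cookie})


def revoke_all(logout_url, tickets, opener=urllib.request.urlopen):
    """Send one logout per ticket; map each ticket to HTTP status or error text."""
    results = {}
    for ticket in tickets:
        try:
            with opener(build_logout_request(logout_url, ticket), timeout=10) as resp:
                results[ticket] = resp.status
        except (urllib.error.URLError, OSError) as ex:
            results[ticket] = "error: %s" % ex
    return results


if __name__ == "__main__":
    # Dry run: show the cookie each request would carry (placeholder URL).
    for t in tgcs_for_user(SAMPLE_LOG, "jdoe"):
        print(build_logout_request("https://cas.example.edu/cas/logout", t).get_header("Cookie"))
```

Run as a script it only prints the cookies; call `revoke_all()` with your own logout URL to send the requests and get a per-ticket result.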
----- Original Message -----
From: "Michael Todorovic" <[email protected]>
To: [email protected]
Sent: Wednesday, August 20, 2014 3:20:24 AM
Subject: [cas-user] Destroy a user ticket on purpose
Hello,
I am using cas 4 with Active Directory and account states.
I would like to know how I can destroy a user ticket to close his session on
purpose. For example, the user logs in on Monday, session expiration is set to
one week (for good user experience) but for security reasons, I need to disable
all his accesses on Wednesday. I will disable his account in AD but his session
with CAS may be still alive. How can I kill the user session on purpose?
Thanks,
Michael
Michaël Todorovic
IT Security Engineer, Systems Team
S&P Capital IQ / Real-Time Solutions
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user