Pål,

Can you be more specific regarding the "active sessions"? Are these application sessions that have been created after a user has been authenticated via CAS?
If the credentials are known to be compromised (social engineering or otherwise) you'd want to prevent further use of them, likely by controlling them at the primary authentication source (LDAP, Kerberos, etc.). If you have deployed Single Sign Out, you could potentially customize CAS with an administrative feature that would call out to active application sessions and log off a specified user. Out of the box this is not available.

Bill

--
William G. Thompson, Jr.
Senior Technologist - Development Information Systems
Office of Development, Princeton University
voice: 609.258.2655 | [email protected]

On Tue, Jan 20, 2009 at 10:08 AM, Pål Axelsson <[email protected]> wrote:
> Hi,
>
> Our IRT team has come up with a question that I can't find the answer for.
>
> Is it possible to invalidate all active sessions for a specific user identity?
>
> If one of our users' accounts is hijacked, for example by social engineering, we want to remove all active sessions for that user identity in a simple and controlled way. Is that possible?
>
> Pål Axelsson
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
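The administrative feature described in the reply above, as an added sketch that is not part of the original thread and not CAS project code: given a record of which service tickets were issued to a user, it builds the Single Sign Out message for each of that user's application sessions. The `TicketRecord` registry, the function names and the sample data are hypothetical; the message shape assumes the CAS Single Sign Out convention of POSTing a `logoutRequest` form parameter whose `SessionIndex` is the service ticket.

```python
"""Added example: plan a forced logout of one user via Single Sign Out messages."""
import secrets
from datetime import datetime, timezone
from typing import NamedTuple
from urllib.parse import urlencode
from xml.sax.saxutils import escape


class TicketRecord(NamedTuple):      # hypothetical registry row, not a CAS class
    user: str
    service_ticket: str
    service_url: str


def logout_request(service_ticket: str) -> str:
    """Build the SAML LogoutRequest whose SessionIndex names the session to end."""
    issued = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return (
        '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        f'ID="LR-{secrets.token_hex(16)}" Version="2.0" IssueInstant="{issued}">'
        '<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        '@NOT_USED@</saml:NameID>'
        f'<samlp:SessionIndex>{escape(service_ticket)}</samlp:SessionIndex>'
        '</samlp:LogoutRequest>'
    )


def plan_forced_logout(registry, user):
    """Return (service_url, form_body) pairs to POST; other users are untouched."""
    target = user.strip().lower()    # assumption: usernames are case-insensitive
    plan = []
    for rec in registry:
        if rec.user.strip().lower() == target:
            body = urlencode({"logoutRequest": logout_request(rec.service_ticket)})
            plan.append((rec.service_url, body))
    return plan


# Constructed sample data; user names, ticket ids and URLs are placeholders.
REGISTRY = [
    TicketRecord("jdoe", "ST-1-aaa-cas", "https://app1.example.edu/"),
    TicketRecord("other", "ST-2-bbb-cas", "https://app1.example.edu/"),
    TicketRecord("JDOE", "ST-3-ccc-cas", "https://app2.example.edu/"),
]

if __name__ == "__main__":
    for url, body in plan_forced_logout(REGISTRY, "jdoe"):
        print("POST", url, body[:60] + "...")
```

These messages only end sessions in applications that honour Single Sign Out; the credentials themselves still have to be controlled at the primary authentication source, as the reply says.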
