Everybody is experiencing the same issue, and I second your request to
Google for some upgrade to their end that includes a 'logout' of some kind
(clearing cookies as you suggest) before the redirection to the partner SSO
happens. This would really help, and not just with respect to security. For
example, in our case, our Google Apps integration allows users to log in
consecutively to different accounts to share information with different
university courses, so we have the same kind of problem as you have. 
-Patricia

Patricia Goldweic
[EMAIL PROTECTED]
 

> -----Original Message-----
> From: [email protected] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Brian
> Sent: Thursday, October 16, 2008 9:25 PM
> To: Google Apps APIs
> Subject: [google-apps-apis] SSO and security
> 
> 
> Hi.
> 
> We're experiencing the same issue as noted here 
> http://groups.google.com/group/google-apps-apis/msg/2a010bc76c267588?pli=1.
> 
> Simply stated, if a user browses away from their SSO 
> authenticated mail session and walks away from the computer, 
> the next person to sign on will get the previous user's email.
> 
> The responses I've seen so far haven't really addressed the 
> issue, since most require the user to click the sign out link 
> in some way.
> It's inevitable that some will forget and we need something 
> to mitigate the resulting security problems.
> 
> Would it be possible for Google to add a bit of code on their 
> end, perhaps checking a parameter requesting a session clear? 
> Something like http://www.google.com/a/abc.com/?clearstate 
> and kill the session cookies before issuing a redirect to our 
> SSO page.
> 
> TIA
> 
> -brian


