Hi Noah,
well... theoretically you are at least partially right. But that's not
the case when discussing a real implementation and I can explain why.
The point with CAS is that it offers an *optional* single sign out
procedure. Most applications/implementations won't log out the full CAS
session. In most installs I've seen, there is no interest for a single
sign out, or when such interest is valid, single sign out is performed
using a centralized "logout" web application (generally it's the
corporate portal).
There are many reasons for doing this, but the very simple one (the one
most sysadmin give when asked) is that most users are fine with a
centralized login, but would not assume to have logged out globally. In
environment with thousands of users, all of them very diverse (wrt to IT
skills), it's not advisable (and it's common practice) to have a single
sign out, but just a single sign on.
That's why configuring most applications (I've had experience with
Moodle, Plone, Apache, and some others) you get asked, in the
configuration files/gui, to specify entry points for both /login and
/logout. Actually, all apps so far allow that, except trac.
So the question is still valid :-) Is there a known way of avoiding
single sign out?
Giuseppe
Noah Kantrowitz wrote:
What else would a logout button do than log you out? If the name of the game
is SSO, it makes no sense to log you out of Trac while leaving your CAS
session valid (clicking login would just log you back in again).
--Noah
-----Original Message-----
From: [email protected] [mailto:[email protected]]
On Behalf Of Giuseppe Sollazzo
Sent: Friday, March 05, 2010 2:05 AM
To: [email protected]
Subject: [Trac] TracCasPlugin performs unwanted logout (or single sign
out)
Hi,
I'm experimenting with TracCasPlugin allowing Trac to run CAS
authentication.
The problem is that upon clicking on "logout", the single sign out
(i.e.
logout from CAS server) is called. This is an unwanted behaviour, as it
causes all other services running CAS to be de-authenticated. Generally
when implementing a CAS solution, a control over logout is wanted, and
TracCasPlugin seems rather to give no choice.
Has anyone got any experience of this issue?
Thanks,
--
____________________________________
Giuseppe Sollazzo
Systems developer and administrator
Computing Services
Information Services
St. George's, University Of London
Cranmer Terrace
London SW17 0RE
Email: [email protected]
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583
--
You received this message because you are subscribed to the Google
Groups "Trac Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to trac-
[email protected].
For more options, visit this group at
http://groups.google.com/group/trac-users?hl=en.
--
____________________________________
Giuseppe Sollazzo
Systems developer and administrator
Computing Services
Information Services
St. George's, University Of London
Cranmer Terrace
London SW17 0RE
Email: [email protected]
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583
--
You received this message because you are subscribed to the Google Groups "Trac
Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/trac-users?hl=en.
