Eirik Schwenke wrote:
<end-of-day-off-topic-rant>
The above (varying levels of IT competence) is *exactly* why Single
Sign On without Single Sign Out is always going to be a huge security
issue.
I think the general reason for requiring Single Sign Out via a global
portal is that most "enterprise" system is horrible, broken insecure
crap -- and the contractors couldn't be bothered to care about
security of the sytems involved, or read enough of a spec to be able
to actually *provide* single sign out...
</rant>
Lol :-)
Really, the fact is that I *do* share this view. Unfortunately, I can
only point out this - as I did when we started the SSO project - to the
people who take decisions.
Thanks for the suggestions.
Just one more thing...
I guess the reason why you'd want this is because you've given up on
single sign on, and use CAS simply as a way to synchronize login names
and passwords across several servers. I guess this is fine -- it's
just a bit different from what CAS really is intended to do.
No, actually what I've been requested to do is to implement just a
single Sign On to be a single entry point for all our webapps. The idea
is that SSout is "automatic" when someone disconnects from the corporate
network, whereas SSon can be performed by any of the webapps (different
users initiate their sessions in different ways).
No more rants for today :-)
Best,
G
--
____________________________________
Giuseppe Sollazzo
Systems developer and administrator
Computing Services
Information Services
St. George's, University Of London
Cranmer Terrace
London SW17 0RE
Email: [email protected]
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583
--
You received this message because you are subscribed to the Google Groups "Trac
Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/trac-users?hl=en.
