We use Bb with CAS also, and disabled single sign out as Richard suggests. We found that the CAS session timeouts could cause surprising (and to the user unpredictable) timeouts while still using Blackboard with SSO. In particular, we do some testing through Bb and ran into CAS sessions timing out and logging students out of Bb in the middle of long tests...
We considered not having Bb sign users out of CAS, but I don't think that it is intuitive if you have a large loosely connected applications like Bb. For example, a student logs out of Bb, and then types the URL to go back to the app directly (say a friend wants to login). Since the CAS session would still be there, they would be automatically logged in as though they had never clicked 'Log Out' with the same user? May make sense if you have tighter integration going on, or good communication about closing browsers and cookie security, but something to consider. Thank you, Curtis Long Unix Administrator Durham College T: 905-721-2000 x2714 From: Richard Frovarp [mailto:richard.frov...@ndsu.edu] Sent: March-17-14 12:24 PM To: cas-user@lists.jasig.org Subject: Re: [cas-user] Blackboard Integration You probably want the logout of a single system to log the user out of CAS. Otherwise you could have surprising SSO's happen. What you may want to do is disable single sign off. That is what is causing the logout of one system to log the user out of the other systems. On 03/17/2014 11:14 AM, Peter Kirby wrote: I would be interested in this as well. We started using CAS last year with our portal, Ellucian's Banner, and Google Apps. We've had to greatly throttle back what services use CAS because it causes results that turned out to be hard to explain to the end user. Example: If we let Google Apps logout of CAS and the user is still using the portal or Banner, it causes the login screen to come up again in the middle of their portal/Banner session. If we do not let Google Apps logout of CAS, then the user clicks log out which logs them out of Google Apps, but not CAS. When the user goes to Google Apps to sign in to a different account, they are still logged in to CAS so they get SSO into Google, making it appear they cannot log out of Google. Our only solution was to take Google Apps off of CAS. Are others facing similar situations? Thanks. -- Peter Kirby System and Database Administrator @ Harding University 501-279-4727 On Mon, Mar 17, 2014 at 9:49 AM, Tim Raymond <tjraym...@csupomona.edu<mailto:tjraym...@csupomona.edu>> wrote: We are trying to integrate Bb with our shiny new CAS install. It appears the Bb building block for CAS creates an undesirable scenario whereby logging out of Bb will expire the entire CAS session. I am curious how other organizations have integrated CAS with Bb in a more flexible way. Thanks Tim Raymond Director, Central Applications Instructional and Information Technology California State Polytechnic University, Pomona Phone: 909.869.6851<tel:909.869.6851> Cell: 909.260.3200<tel:909.260.3200> Fax: 909.979.6406<tel:909.979.6406> PGP Public Key: https://keyserver2.pgp.com/vkd/DownloadKey.event?keyid=0x2FDBD1EADDC19329 -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: lpki...@harding.edu<mailto:lpki...@harding.edu> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: richard.frov...@ndsu.edu<mailto:richard.frov...@ndsu.edu> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: curtis.l...@dc-uoit.ca<mailto:curtis.l...@dc-uoit.ca> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
