Thanks for your reply.
We are looking for a way to invalidate the SSO Cookie if the user has not had any keyboard/mouse activity (or at a miminum, browser activity) for a set amount of time. So this is more of an inactivity time for the user rather than an expiration time for the ticket.
Nick Maiorana
Technology, Architecture and Business Services
J2EE Components and Services
[EMAIL PROTECTED]
Phone: 704-427-1923
Pager: 888-739-0534 or [EMAIL PROTECTED]
Confidentiality Statement:
"The information contained in this electronic message is confidential,
proprietary, and intended only for the use of the owner of the e-mail address
listed as the recipient of this message. If you are not the intended recipient,
or the employee or agent responsible for delivering this message to the
intended recipient, you are hereby notified that any disclosure, dissemination,
distribution, copying of this communication, or unauthorized use is strictly
prohibited and subject to prosecution to the fullest extent of the law!
If you are not the intended recipient, please delete this electronic message
and DO NOT ACT UPON, FORWARD, COPY OR OTHERWISE DISSEMINATE IT OR ITS CONTENTS."
| "Scott Battaglia"
<[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED] 10/30/2006 11:49 AM
|
|
Nick,
CAS supports the notion of Expiration Policies. Example policies include # of uses or "a ticket is only valid for X amount of time." You can write an "inactivity policy" and configure CAS to use that.
http://developer.ja-sig.org/projects/cas/multiproject/cas-server/apidocs/org/jasig/cas/ticket/ExpirationPolicy.html
http://developer.ja-sig.org/projects/cas/multiproject/cas-server/apidocs/org/jasig/cas/ticket/TicketState.html
-Scott
On 10/30/06, [EMAIL PROTECTED] < [EMAIL PROTECTED]> wrote:
Are there any hooks into determining a user's inactivity on his machine to invalidate the SSO token?
Nick Maiorana
Technology, Architecture and Business Services
J2EE Components and Services
[EMAIL PROTECTED]
Phone: 704-427-1923
Pager: 888-739-0534 or [EMAIL PROTECTED]
Confidentiality Statement:
"The information contained in this electronic message is confidential,
proprietary, and intended only for the use of the owner of the e-mail address
listed as the recipient of this message. If you are not the intended recipient,
or the employee or agent responsible for delivering this message to the
intended recipient, you are hereby notified that any disclosure, dissemination,
distribution, copying of this communication, or unauthorized use is strictly
prohibited and subject to prosecution to the fullest extent of the law!
If you are not the intended recipient, please delete this electronic message
and DO NOT ACT UPON, FORWARD, COPY OR OTHERWISE DISSEMINATE IT OR ITS CONTENTS."
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
ForwardSourceID:NT000871C6
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
