-Scott
On 11/1/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]
> wrote:
Yeah, that's what we were thinking. For a true inactivity invalidation, we may have to employ some sort of agent or supplicant on the client workstations that clear the SSO cookie.
Thanks.
Nick Maiorana
Technology, Architecture and Business Services
J2EE Components and Services
[EMAIL PROTECTED]
Phone: 704-427-1923
Pager: 888-739-0534 or [EMAIL PROTECTED]
Confidentiality Statement:
"The information contained in this electronic message is confidential, proprietary, and intended only for the use of the owner of the e-mail address listed as the recipient of this message. If you are not the intended recipient, or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any disclosure, dissemination, distribution, copying of this communication, or unauthorized use is strictly prohibited and subject to prosecution to the fullest extent of the law! If you are not the intended recipient, please delete this electronic message and DO NOT ACT UPON, FORWARD, COPY OR OTHERWISE DISSEMINATE IT OR ITS CONTENTS."
"Scott Battaglia" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]10/31/2006 09:31 AM
Yale CAS mailing list <[email protected]>
"Yale CAS mailing list" <[email protected]> Re: SSO Inactivity Timeout
The cookie is merely a pointer to the actual Ticket. Expiring the ticket has the same affect as expiring the cookie and its actually easier to do. You only other option is to modify the login flow itself to check the cookie.
-Scott
On 10/31/06, [EMAIL PROTECTED] < [EMAIL PROTECTED]> wrote:
Thanks for your reply.
We are looking for a way to invalidate the SSO Cookie if the user has not had any keyboard/mouse activity (or at a miminum, browser activity) for a set amount of time. So this is more of an inactivity time for the user rather than an expiration time for the ticket.
Nick Maiorana
Technology, Architecture and Business Services
J2EE Components and Services
[EMAIL PROTECTED]
Phone: 704-427-1923
Pager: 888-739-0534 or [EMAIL PROTECTED]Confidentiality Statement:
"The information contained in this electronic message is confidential, proprietary, and intended only for the use of the owner of the e-mail address listed as the recipient of this message. If you are not the intended recipient, or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any disclosure, dissemination, distribution, copying of this communication, or unauthorized use is strictly prohibited and subject to prosecution to the fullest extent of the law! If you are not the intended recipient, please delete this electronic message and DO NOT ACT UPON, FORWARD, COPY OR OTHERWISE DISSEMINATE IT OR ITS CONTENTS."
"Scott Battaglia" <[EMAIL PROTECTED] >
Sent by: [EMAIL PROTECTED]10/30/2006 11:49 AM
Yale CAS mailing list <[email protected] >
"Yale CAS mailing list" <[email protected] > Re: SSO Inactivity Timeout
Nick,
CAS supports the notion of Expiration Policies. Example policies include # of uses or "a ticket is only valid for X amount of time." You can write an "inactivity policy" and configure CAS to use that.
http://developer.ja-sig.org/projects/cas/multiproject/cas-server/apidocs/org/jasig/cas/ticket/ExpirationPolicy.html
http://developer.ja-sig.org/projects/cas/multiproject/cas-server/apidocs/org/jasig/cas/ticket/TicketState.html
-Scott
On 10/30/06, [EMAIL PROTECTED] < [EMAIL PROTECTED]> wrote:
Are there any hooks into determining a user's inactivity on his machine to invalidate the SSO token?
Nick Maiorana
Technology, Architecture and Business Services
J2EE Components and Services
[EMAIL PROTECTED]
Phone: 704-427-1923
Pager: 888-739-0534 or [EMAIL PROTECTED]Confidentiality Statement:
"The information contained in this electronic message is confidential, proprietary, and intended only for the use of the owner of the e-mail address listed as the recipient of this message. If you are not the intended recipient, or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any disclosure, dissemination, distribution, copying of this communication, or unauthorized use is strictly prohibited and subject to prosecution to the fullest extent of the law! If you are not the intended recipient, please delete this electronic message and DO NOT ACT UPON, FORWARD, COPY OR OTHERWISE DISSEMINATE IT OR ITS CONTENTS."
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
ForwardSourceID:NT000871C6ForwardSourceID:NT000872EA
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
