Yes, but this would invalidate the ticket based upon user activity, not a time period. I hope I'm not missing something.
Thanks
Nick Maiorana
Technology, Architecture and Business Services
J2EE Components and Services
[EMAIL PROTECTED]
Phone: 704-427-1923
Pager: 888-739-0534 or [EMAIL PROTECTED]
Confidentiality Statement:
"The information contained in this electronic message is confidential,
proprietary, and intended only for the use of the owner of the e-mail address
listed as the recipient of this message. If you are not the intended recipient,
or the employee or agent responsible for delivering this message to the
intended recipient, you are hereby notified that any disclosure, dissemination,
distribution, copying of this communication, or unauthorized use is strictly
prohibited and subject to prosecution to the fullest extent of the law!
If you are not the intended recipient, please delete this electronic message
and DO NOT ACT UPON, FORWARD, COPY OR OTHERWISE DISSEMINATE IT OR ITS CONTENTS."
"Scott Battaglia" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED] 11/01/2006 09:51 AM
You could, but it's not necessary, because once the ticket itself is expired the cookie is invalid (as an attempt to retrieve the ticket by id would fail) and the next time you log in the old cookie would be replaced.
-Scott
On 11/1/06, [EMAIL PROTECTED] <[EMAIL PROTECTED] > wrote:
Yeah, that's what we were thinking. For a true inactivity invalidation, we may have to employ some sort of agent or supplicant on the client workstations that clears the SSO cookie.
Thanks.
Nick Maiorana
"Scott Battaglia" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED] 10/31/2006 09:31 AM
The cookie is merely a pointer to the actual Ticket. Expiring the
ticket has the same effect as expiring the cookie and it's actually easier
to do. Your only other option is to modify the login flow itself to
check the cookie.
-Scott
On 10/31/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Thanks for your reply.
We are looking for a way to invalidate the SSO Cookie if the user has not
had any keyboard/mouse activity (or at a minimum, browser activity) for
a set amount of time. So this is more of an inactivity time for the
user rather than an expiration time for the ticket.
Nick Maiorana
"Scott Battaglia" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED] 10/30/2006 11:49 AM
Nick,
CAS supports the notion of Expiration Policies. Example policies
include # of uses or "a ticket is only valid for X amount of time."
You can write an "inactivity policy" and configure CAS
to use that.
http://developer.ja-sig.org/projects/cas/multiproject/cas-server/apidocs/org/jasig/cas/ticket/ExpirationPolicy.html
http://developer.ja-sig.org/projects/cas/multiproject/cas-server/apidocs/org/jasig/cas/ticket/TicketState.html
-Scott
On 10/30/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Are there any hooks into determining a user's inactivity on his machine
to invalidate the SSO token?
Nick Maiorana
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
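
A minimal Python model of the behaviour discussed in this thread, added here as an example and not taken from CAS or from any of the posters: the SSO cookie carries only a ticket id, and an expiration policy decides at lookup time whether that ticket still exists. All class names, method names and timeout values are hypothetical; the inactivity policy measures time since the ticket was last used at the server, not keyboard or mouse activity on the workstation.

```python
# Model of a ticket registry with pluggable expiration policies.
# Names are hypothetical; this is not the CAS API. Times are seconds.
from dataclasses import dataclass
import secrets

@dataclass
class Ticket:
    created: float
    last_used: float

class InactivityPolicy:
    """Expire a ticket that has not been used for max_idle seconds."""
    def __init__(self, max_idle):
        self.max_idle = max_idle
    def is_expired(self, ticket, now):
        return now - ticket.last_used >= self.max_idle

class HardTimeoutPolicy:
    """Expire a ticket max_age seconds after creation, however often it is used."""
    def __init__(self, max_age):
        self.max_age = max_age
    def is_expired(self, ticket, now):
        return now - ticket.created >= self.max_age

class TicketRegistry:
    def __init__(self, policy):
        self.policy = policy
        self.tickets = {}

    def login(self, now):
        """Create a ticket; the returned id is the value the SSO cookie carries."""
        tid = "TGT-" + secrets.token_urlsafe(16)
        self.tickets[tid] = Ticket(created=now, last_used=now)
        return tid

    def resolve_cookie(self, cookie_value, now):
        """Return the ticket the cookie points to, or None if login is required."""
        ticket = self.tickets.get(cookie_value)
        if ticket is None or self.policy.is_expired(ticket, now):
            self.tickets.pop(cookie_value, None)  # cookie now points at nothing
            return None
        ticket.last_used = now  # only use of the ticket at the server counts as activity
        return ticket

def demo(policy):
    """Constructed timeline: log in at t=0, present the cookie at 600, 1400, 2400."""
    reg = TicketRegistry(policy)
    cookie = reg.login(now=0)
    return [reg.resolve_cookie(cookie, now=t) is not None for t in (600, 1400, 2400)]
```

With a 900-second limit, the inactivity policy keeps the ticket alive through the first two lookups because each use resets the idle clock, while the hard timeout rejects the cookie from the second lookup onward.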
