Hi again, The backend for CAS is handled of course in occasions as described and application that support Single Sign Off is too few. A lot of them on the other hand "recasifies" the user now and then to check that the session is still valid. So what we want to do is to invalidate all sessions for a specific user identity, together with an single sign off request for every session.
/Pål -----Ursprungligt meddelande----- Från: cas-boun...@tp.its.yale.edu [mailto:cas-boun...@tp.its.yale.edu] För William G. Thompson, Jr. Skickat: den 20 januari 2009 19:54 Till: Yale CAS mailing list Ämne: Re: Invalidate all sessions for a user identity Pål, Can you be more specific regarding the "active sessions"? Are these application sessions that have been created after a users has been authenticated via CAS? If the credentials are known to be compromised (social engineering or otherwise) you'd want to prevent further use of them, likely by controlling them at the primary authentication source (LDAP, Kerberos, etc). If you have deployed Single Sign Out, you could potentially customize CAS with an administrative feature that would call out to active application sessions and log off a specified user. Out of the box this is not available. Bill -- William G. Thompson, Jr. Senior Technologist - Development Information Systems Office of Development, Princeton University voice: 609.258.2655 | wthom...@princeton.edu On Tue, Jan 20, 2009 at 10:08 AM, Pål Axelsson <pal.axels...@its.uu.se> wrote: > Hi, > > > > Our IRT team has come up with a question that I can't find the answer for. > > > > Is't possible to invalidate all active sessions for a specific user > identity? > > > > If one of our users account is hijacked for example y social engineering we > want to remove all active sessions for that user identity in a simple and > controlled way. Is that possible? > > > > Pål Axelsson > > > > _______________________________________________ > Yale CAS mailing list > cas@tp.its.yale.edu > http://tp.its.yale.edu/mailman/listinfo/cas > > _______________________________________________ Yale CAS mailing list cas@tp.its.yale.edu http://tp.its.yale.edu/mailman/listinfo/cas
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Yale CAS mailing list cas@tp.its.yale.edu http://tp.its.yale.edu/mailman/listinfo/cas