Luminis 5 sends you to the /cas/logout page. That might be a configuration
option, but it's what ours does. Luminis is currently in "don't touch it
and hope it doesn't break before we replace it" status here, so we're
stuck with that behavior.
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SE
Luminis' session ending should _not_ send a log out to CAS. Is this still the
case?
Ray
On Fri, 2018-11-02 at 15:05 -0400, David Curry wrote:
We already had to turn off SLO because of that issue between tabs (people would
log into Luminis in one tab and Canvas in another, and get kicked out of
We already had to turn off SLO because of that issue between tabs (people
would log into Luminis in one tab and Canvas in another, and get kicked out
of Canvas when Luminis timed out). My position is that this was The Wrong
Thing To Do, but the problem is that our CAS 3.x deployment always had it
t
Hi David,
FWIW we've been on Banner 9 for a little over a year, and we advise users
not to have multiple tabs open. The issue we see is that one tab will "time
out" even though the users are actively entering data in another tab. It
can be rather frustrating. I'm not sure if your unchecking the
Actually, I think my problem in this case was using mod_auth_cas to test
it. Maybe that little cookie cache it has was affecting the results.
When we unchecked the "participate in sso" access strategy for the actual
application in question (Banner 9), it started behaving the way they
wanted. Subj
I agree with Christian on this. Cookies exist in a browser instance, not a tab
instance; in some cases a new window is still not enough.
It sounds like your client does not understand how web browser technology works.
You could always offer to build a custom browser ;)
Ray
On Fri, 2018-11-02 at
Well, If I had my way, we wouldn't be doing it at all. :-)
But one of the business units here wants their application to (a) use the
"standard" login page provided by the CAS server but (b) prompt for
credentials every time you open a tab/window and go to it. "But that's not
single sign-on," I say
Hi Dave
I think the better way to do this is to open a new instance of your browser
application instead of open a new tab. The new tab is in the same context
of your first tab and then using the same authentication cookie. If you
want CAS as you mention, you lose the essential use of a SSO. If you
Actually, now that you mention it, I'm not. I was using mod_auth_cas to
test it, but maybe that's not the best test case. I'll see if I can find
another one and "verify" what I'm seeing.
Thanks,
--Dave
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
71 FIFTH
Hi David,
Are you sure the client application is redirecting the browser back to the
CAS login following the initial login to the app? Sounds like it's an
issue of controlling the user's application session rather than the user's
CAS SSO session.
Dan
Dan Ellentuck
Columbia University I.T.
Can I force a service to authenticate every time from the CAS server side,
e.g., by setting something in the service registry? Basically, I want to
mimic the behavior of "&renew=true" but not have to change anything on the
client side.
I thought setting "accessStrategy.ssoEnabled: false" in the se
11 matches
Mail list logo
