Removing ST/TGT's on demand

[Brian T. Huntley]

Good day, all!

We are running CAS 7.1.6 with a Hazelcast backend for ST/TGT storage.  I'm looking for a way to be able to remove a specific user's ST's and TGT's on demand, such as for an abrupt account termination or discovery of a compromised account.  Has anyone here implemented such a thing?

Thanks!

Brian

Brian T. Huntley, CISSP

Director of Network Services and Information Security

Office of Information Technology

Clarkson University

315.268.6723

[Ocean Liu]

Hi Brian,

Have you tried testing these actuator endpoints?
https://apereo.github.io/cas/7.1.x/authentication/Configuring-SSO.html#actuator-endpoints
> DELETE /cas/actuator/ssoSessions/users/{username}

Best,

[Brian T. Huntley]

Hi Ocean - 

I've not fiddled with those, but certainly looks promising, thanks for the tip!

Brian

Brian T. Huntley, CISSP

Director of Network Services and Information Security

Office of Information Technology

Clarkson University

315.268.6723

[Ray Bon]

Brian,

There are actuator endpoints for just such a thing, https://apereo.github.io/cas/7.2.x/authentication/Configuring-SSO.html#actuator-endpoints

If you have a lot of user sessions, you may run in to performance issues.

Ray

---

From: cas-...@apereo.org <cas-...@apereo.org> on behalf of Brian T. Huntley <bhun...@clarkson.edu>
Sent: July 9, 2025 05:19
To: CAS Community <cas-...@apereo.org>
Subject: [cas-user] Removing ST/TGT's on demand

 

You don't often get email from bhun...@clarkson.edu. Learn why this is important

--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABa%3D6acsVxxrhx7NY7Xq53gRBGY4kVYTQSPiuhS9KfRqVziTJA%40mail.gmail.com.