Does CASSHIB maintain a session?

Steven Carmody

Oct 9, 2013, 1:48:41 PM
to cas...@googlegroups.com
Hi,

We're successfully using CASSHIB between our Shibboleth IDP and
Banner/XE. So, thank you very much for providing this tool! (XE doesn't
yet support SAML login; supposedly it's coming ...)

We can configure a logout url into XE. When a user clicks Logout the
local app session is killed, and they would be redirected to this url.
Standard approach to logout ....

Our IDP does have a logout endpoint, so we could use that. But, I was
wondering whether CASSHIB maintains any kind of session that would also
have to be destroyed? If yes, how would we trigger that?

Thanks!

bko...@gmail.com

Oct 9, 2013, 4:16:41 PM
to cas...@googlegroups.com
CAS itself does maintain a session. This isn't specific to CASShib, but it's inherent to the CAS server.

Your logout redirect chain may look something like:
Logout Link that kills local session -> redirects to the CASShib logout URL for the app -> redirects to the Shibboleth IDP logout link -> redirects to a logout landing page

I don't think the ordering of those redirects matters much, just as long as all three sessions (app, CAS, and Shib) get destroyed.

bko...@gmail.com

Oct 9, 2013, 4:20:50 PM
to cas...@googlegroups.com
Although I should also say that CASShib has done some customization in relation to the CAS cookies to create a different session for each app, which means there's a different logout URL for each app.
http://code.google.com/p/casshib/wiki/CASShibExplained#Cookies_and_sessions

Steven Carmody

Oct 10, 2013, 10:53:50 AM
to cas...@googlegroups.com
On 10/9/13 4:20 PM, bko...@gmail.com wrote:
> Although I should also say that CASShib has done some customization in
> relation to the CAS cookies to create a different session for each app,
> which means there's a different logout URL for each app.
> http://code.google.com/p/casshib/wiki/CASShibExplained#Cookies_and_sessions

Thanks for the explanation!

Can a parameter be passed on the "CASSHIB logout url" telling CASSHIB
where to redirect to, after it destroys its session?

Thanks!

bko...@gmail.com

Oct 10, 2013, 11:29:11 AM
to cas...@googlegroups.com
Yes, the same redirect parameter that CAS uses.
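
The redirect chain and redirect parameter discussed in this thread, sketched as an added example (not part of any post and not CASShib code): it nests the logout hops into the single URL an app would be configured with, then unwinds it to confirm each hop and its host. All hosts, paths and parameter names (`service`, `return`) are constructed placeholders, and it assumes each hop accepts a return-URL parameter.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed placeholders: hosts, paths and parameter names are assumptions,
# not CASShib's or the IdP's documented endpoints.
CHAIN = [
    ("https://cas.example.edu/casshib/app/xe/logout", "service"),
    ("https://idp.example.edu/idp/logout", "return"),
]
LANDING = "https://www.example.edu/logged-out?from=xe"
ALLOWED_HOSTS = {"cas.example.edu", "idp.example.edu", "www.example.edu"}


def build_logout_chain(chain, landing):
    """Nest the hops innermost-first so each logout URL carries the next hop,
    percent-encoded once per level, in its redirect parameter."""
    target = landing
    for base, param in reversed(chain):
        target = f"{base}?{urlencode({param: target})}"
    return target


def unwind_logout_chain(url, chain):
    """Decode the nested URL hop by hop and return every URL visited."""
    hops = []
    for base, param in chain:
        parts = urlsplit(url)
        if f"{parts.scheme}://{parts.netloc}{parts.path}" != base:
            raise ValueError(f"unexpected hop: {url}")
        values = parse_qs(parts.query).get(param, [])
        if len(values) != 1:
            raise ValueError(f"{base}: expected exactly one {param!r} value")
        hops.append(base)
        url = values[0]
    hops.append(url)
    return hops


def off_list_hosts(hops, allowed):
    """Hosts in the chain that are not on the allow-list (should be empty)."""
    return [h for h in (urlsplit(u).hostname for u in hops) if h not in allowed]


if __name__ == "__main__":
    url = build_logout_chain(CHAIN, LANDING)
    print(url)
    print(unwind_logout_chain(url, CHAIN))
```

The inner return URL ends up percent-encoded twice (`%253A`), which is what lets each hop decode exactly one level and hand the rest on intact.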