...

Yale University. Columbia University.

Logout pass-through

High level discussion

Parameterize CAS logout such that a service can request that CAS redirect the user immediately back to the service, in order to provide CAS logout as part of an application experience.

Concerns about this idea

Ending a Single Sign On session with CAS is something of which a user likely needs to be informed and aware. Allowing CAS itself to paint the UI that tells the user this has occurred is the most straightforward and elegant way to accomplish this communication. We need a compelling use case to drive this feature?

Who has done this

Renew evaluated client-side

...

Suppose a service wishes to allow users to opt into Single Sign On. If this attribute of service tickets (STs) is communicated in the validation response, then the client can examine the authenticated username and whether the ST was issued at the same time the user presented primary credentials. If the user has opted into SSO, great. If the user has not opted into SSO, but the user presented primary credentials at the time the ST was issued, great. If the user has not opted into SSO but the ticket was issued via SSO, then the service can redirect back to CAS login with renew=true.
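The three cases above, written out as a client-side check. This is an added example, not code from CAS or from this page: the `cas:fromPrimaryCredentials` element, the URLs and the usernames are assumptions made for illustration, and the validation responses are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}
CAS_LOGIN = "https://cas.example.edu/cas/login"   # placeholder CAS server
SERVICE = "https://app.example.edu/secure"        # placeholder service URL

def sample_response(user, primary):
    """Constructed validation response; fromPrimaryCredentials is hypothetical."""
    return (
        '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
        "<cas:authenticationSuccess>"
        f"<cas:user>{user}</cas:user>"
        f"<cas:fromPrimaryCredentials>{primary}</cas:fromPrimaryCredentials>"
        "</cas:authenticationSuccess></cas:serviceResponse>"
    )

def parse_validation(xml_text):
    """Return (username, from_primary), or None when validation did not succeed."""
    root = ET.fromstring(xml_text)
    ok = root.find("cas:authenticationSuccess", CAS_NS)
    if ok is None:
        return None
    user = ok.findtext("cas:user", default="", namespaces=CAS_NS).strip()
    flag = ok.findtext("cas:fromPrimaryCredentials", default="false",
                       namespaces=CAS_NS)
    # A missing flag is treated as "issued via SSO" so the check fails closed.
    return user, flag.strip().lower() == "true"

def decide(xml_text, sso_opt_in):
    """Return ('accept', user), ('redirect', url) or ('reject', None)."""
    parsed = parse_validation(xml_text)
    if parsed is None or not parsed[0]:
        return ("reject", None)
    user, from_primary = parsed
    # Opted into SSO, or credentials were presented for this ticket: accept.
    if user in sso_opt_in or from_primary:
        return ("accept", user)
    # Not opted in and ticket came from SSO: force primary credentials.
    query = urlencode({"service": SERVICE, "renew": "true"})
    return ("redirect", f"{CAS_LOGIN}?{query}")

if __name__ == "__main__":
    opted_in = {"alice"}  # constructed opt-in list
    for user, primary in [("alice", "false"), ("bob", "true"), ("bob", "false")]:
        print(user, primary, decide(sample_response(user, primary), opted_in))
```

After the redirect, the next ticket is issued with primary credentials, so the same check accepts it and the service does not loop.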

Who has done this