Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Benito introduced the use cases that UC Merded has for using SSOut. "Close your browser" seems the most common solution. For uPortal institutions signing out of uPortal should mean SSOut.

CAS SSOut is really difficult to implement, while telling the users to close the browser is easier to implement and more significantly, puts the responsibility on the users.

CAS SSOut challenge stems from the fact that CAS only has the Service Ticket (ST) to identify the session to invalidate, while CAS clients don't keep the STs that were issued to them. STs, after all, are only single-use tokens.

CAS Service Registry could be enhanced to, in addition to service URLs, keep track of logout URLs for all services. Then, when the user logs out of CAS, the CAS logout view would paint a series of IFRAMEs and render a logout URL for every service to log out from.

To improve the workability of the current CAS SSOut, a lot of improvement would have to be added to existing CAS clients.

  • No labels