Wednesday 15 September 2010

Single sign-out using ruby-cas... Not!

We considered this... right up until the point where I read that you were advised to disable forgery-protection.

It's easy enough to send a message to the rubyCAS server to invalidate a given ticket, but users mostly authenticate with rubyCAS only once, and from then on deal only with a given client application. Killing rubyCAS's ticket only comes into play when a user tries to re-authenticate with the rubyCAS server.

I don't have a good solution to this one...

This is one article in a series on Rails single-sign-on with rubyCAS.
