	cosign-discuss at umich.edu
	general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cosign @ uMich and logging out

To: kevin mcgowan <clunis@xxxxxxxxx>
Subject: Re: Cosign @ uMich and logging out
From: Brett Lomas <b.lomas@xxxxxxxxxxxxxx>
Date: Wed, 02 Mar 2005 09:58:40 +1300
Cc: Murray Tracey <m.tracey@xxxxxxxxxxxxxx>, cosign-discuss <cosign-discuss@xxxxxxxxx>, Timothy Chaffe <t.chaffe@xxxxxxxxxxxxxx>, jeff kennedy <jeff.kennedy@xxxxxxxxxxxxxxxxxxxxxxx>
In-reply-to: <da77e3e2e3d157b9be08b08e4229571a@umich.edu>
References: <1109648592.3971.14.camel@brett.enarc.auckland.ac.nz> <da77e3e2e3d157b9be08b08e4229571a@umich.edu>

Hi Kevin,

thanks for you that. Just to clarify, you have a logout button in all of
the applications (at least the main ones) which use this CGI and
redirect them to the UniSign logout. So each time they logout of an
application it will ask them if they which to logout of 'everything'
right?

Also, like Mark said, if they hit cancel wont it send them back to the
application and 'log' them back in again?

I am asking these questions to get an idea on how you guys handle the
logout problems. Also, how did you students react to the SSO and logout
changes? Dod you do a large communication of this when you went live?

Thanks heaps, and sorry for the pestering (Bosses and their insistance
on this :) )

Brett

On Tue, 2005-03-01 at 17:26, kevin mcgowan wrote:
> We use the example perl logout script that comes with the cosign src 
> distribution.  We install it locally on each protected service in 
> /cgi-bin/logout  (wish I'd chosen another URI, but it works).  This 
> script:
> 
>      1. expires the service cookie
>      1a. can be modified to do whatever other clean-up you like (freeing 
> DB sessions, for example).
>      2. redirects the user to our central logout cgi (the one written in 
> C) and that prompts the user to logout.
> 
> We link to /cgi-bin/logout from all of our applications with a visible 
> "logout" link and encourage other application providers to do the same. 
>   We have not published a central "logout" url, but visiting 
> "https://weblogin.umich.edu/"; when already authenticated displays a 
> list of protected services and a link to the central logout CGI.
> 
> Kevin
> 
> On Feb 28, 2005, at 10:43 PM, Brett Lomas wrote:
> 
> > Hi Kevin, and others
> >
> > just a quick question I have about how you guys have deployed CoSign.
> > How have you handled logouts from applications? The reason I ask is we
> > are in the process of converting our top applications to use CoSign and
> > are wrestling with the logout idea and are wondering if we should 
> > remove
> > any idea of logging out of the application etc. Also, how do you get
> > students to logout of CoSign in general? do you publish the URL and 
> > they
> > have to go there manually?
> >
> > Thanks heaps.
> >
> > Brett
> >
> >
> > !DSPAM:4223e541214778695923490!
> >
> >
> >
> >
> 
>                  ... "I love being weird, or at least, I've made my 
> peace with it." ...
>

References:
- Cosign @ uMich and logging out
  - From: Brett Lomas
- Re: Cosign @ uMich and logging out
  - From: kevin mcgowan

Prev by Date: Overarchitecting
Next by Date: /services directory
Previous by thread: Re: Cosign @ uMich and logging out
Next by thread: Overarchitecting
Index(es):
- Date
- Thread