Hey Ray,

Thanks for the suggestion. I had considered that; my concern with this approach is that it would end the SSO session for the user across the board, forcing them to reauthenticate for all apps, not just this one. This may end up being the solution, but my hope is to find a solution that will force a single OAuth service to authenticate every time while allowing other services to continue with SSO.

On Wednesday, July 24, 2019 at 5:58:11 PM UTC-4, rbon wrote:
>
> Justin,
>
> Your application can call /cas/logout when it destroys its local session
> (if you can edit the application or its config).
>
> Ray
>
> On Wed, 2019-07-24 at 14:14 -0700, Justin Isenhour wrote:
>
> Hello,
>
> We have a new application that we have set up SSO with using OAuth
> protocol. This application has some HIPAA related information and they
> have a concern around the logout handling for their application. The basic
> flow is as follows: User goes to the site, user isn't authenticated and
> gets redirected to CAS login page. User authenticates and ends up at
> application. When the user logs out of that application the app sessions
> are destroyed but CAS session still exists. If the user (or some other
> user) goes back to the app, because they still have a valid SSO session, the
> user is not challenged for credentials and gets right back into the app.
> Is there a way to force a service to require authentication every time? I
> found a blog article describing force reauth using CAS protocol but I do not
> see support for this in OAuth. Is there a way to achieve this currently
> for OAuth services?
>
> Thanks,
> Justin Isenhour
>
> --
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | [email protected]
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
