The Thrill of The Hunt - Tracking and Terminating Single Sign-On Sessions in CAS and Shibboleth

A session at Open Apereo 2013 Conference (Jasig & Sakai)

Wednesday 5th June, 2013

2:45pm to 3:30pm (PST)

Fully understanding session management, and effective logout strategies, when using SSO services (e.g. CAS, Shibboleth) can be difficult, particularly when increasing the complexity by layering one SSO service over another (e.g. Shibboleth relying on CAS for authentication). The behavior of various browsers regarding session cookies also must be considered. Questions frequently arise on the support lists for both CAS and Shibboleth around session management and logout. This session will explore the concepts around, existing functionality for, and good practices in tracking and terminating single sign-on sessions, including timeouts and logout, in CAS and Shibboleth. Logout approaches to be discussed include single logout, browser closing, operating system session ending, hard drive reformatting, and high atmosphere electromagnetic pulses! (The latter aren't best practices, but current out-of-the-box browser behaviors around secure session management may drive you to consider it.)

About the speakers

This person is speaking at this event.
Mike Grady

Senior IAM Consultant

Mike Grady has expertise in a broad range of higher education IT, with a particularly deep knowledge of both identity management and research cyberinfrastructure. In the fall of 2012, he joined Unicon as a member of its Identity and Access Management (IAM) team, assisting clients with any and all IAM needs, from strategic planning, consulting, implementation and support. A primary focus is on federated identity management; he is actively engaged in the Shibboleth, InCommon, Internet2, and increasingly, the CAS communities.

Prior to joining Unicon, Mike worked for the University of Illinois at Urbana-Champaign for 36 years, serving in multiple roles for Illinois over the years. Mike's last position at Illinois was as the Executive Program Officer for Cyberinfrastructure (CI) in the Office of the Chief Information Officer, where his focus was on understanding how CI could help Illinois researchers advance their research, and then acting on that understanding to help campus IT determine how to effectively deliver the CI required.

This person is speaking at this event.
Andrew Petro

Software Developer, Identity and Access Management

Andrew Petro is a software developer at Unicon Inc. After graduating with a degree in Computer Science from Yale University in 2004, Andrew stayed on to serve his alma mater in the Technology & Planning group. Projects in which Andrew has been involved include theJasig Central Authentication Service, YaleInfo Portal (Yale's uPortal implementation), and the Jasig uPortal project. In 2006 Andrew joined Unicon and has filled several roles as a software developer, uPortal and CAS consultant, and technical lead for the Cooperative Support for CAS program. Andrew has served on the Jasig uPortal and CAS steering committees.

Next session in Opal

3:45pm Integration at Enterprise Scale - Student, Library, Learning and Research Systems by Robert McDonald and Michael Winkler

13 attendees

  • Andrew Petro
  • Bill Thompson
  • Dmitriy Kopylenko
  • Laura McCord
  • Martin Smith
  • Mike Grady
  • Misagh Moayyed
  • Mitch
  • Nagai Takayuki
  • Mike Osterman
  • Qu
  • Bob Walters
  • Ray Walker

3 trackers

  • Aaron Grant
  • Konstantin Makarov
  • Sean Horner

Coverage of this session

Sign in to add slides, notes or videos to this session

Sign in to track this session

Tell your friends!


Time 2:45pm3:30pm PST

Date Wed 5th June 2013


Opal, The Westin San Diego

Short URL


Official event site


View the schedule



See something wrong?

Report an issue with this session