Wednesday 5th June, 2013
2:45pm to 3:30pm
Fully understanding session management and effective logout strategies when using SSO services (e.g. CAS, Shibboleth) can be difficult, particularly when complexity increases by layering one SSO service over another (e.g. Shibboleth relying on CAS for authentication). The behavior of various browsers regarding session cookies must also be considered. Questions frequently arise on the support lists for both CAS and Shibboleth around session management and logout. This session will explore the concepts around, existing functionality for, and good practices in tracking and terminating single sign-on sessions, including timeouts and logout, in CAS and Shibboleth. Logout approaches to be discussed include single logout, browser closing, operating system session ending, hard drive reformatting, and high atmosphere electromagnetic pulses! (The latter aren't best practices, but current out-of-the-box browser behaviors around secure session management may drive you to consider them.)
Senior IAM Consultant
Mike Grady has expertise in a broad range of higher education IT, with a particularly deep knowledge of both identity management and research cyberinfrastructure. In the fall of 2012, he joined Unicon as a member of its Identity and Access Management (IAM) team, assisting clients with any and all IAM needs, from strategic planning and consulting to implementation and support. A primary focus is on federated identity management; he is actively engaged in the Shibboleth, InCommon, Internet2, and, increasingly, the CAS communities.
Prior to joining Unicon, Mike worked for the University of Illinois at Urbana-Champaign for 36 years, serving in multiple roles for Illinois over the years. Mike's last position at Illinois was as the Executive Program Officer for Cyberinfrastructure (CI) in the Office of the Chief Information Officer, where his focus was on understanding how CI could help Illinois researchers advance their research, and then acting on that understanding to help campus IT determine how to effectively deliver the CI required.
Software Developer, Identity and Access Management
Andrew Petro is a software developer at Unicon Inc. After graduating with a degree in Computer Science from Yale University in 2004, Andrew stayed on to serve his alma mater in the Technology & Planning group. Projects in which Andrew has been involved include the Jasig Central Authentication Service, YaleInfo Portal (Yale's uPortal implementation), and the Jasig uPortal project. In 2006 Andrew joined Unicon and has filled several roles as a software developer, uPortal and CAS consultant, and technical lead for the Cooperative Support for CAS program. Andrew has served on the Jasig uPortal and CAS steering committees.