As an identity provider and single sign-on manager, Apereo CAS maintains the collection of active single sign-on sessions for its users. Administrators are able to review all active sessions and remotely destroy a user's single sign-on session; if single logout is enabled, this also logs the user out of every application that participated in that session.
This blog post presents an overview of the single sign-on session management facilities in CAS, via the following starting position:
CAS 6.5.x
Java 11
jq (used below to pretty-print the JSON responses)
Administrative management of CAS single sign-on sessions is provided via a dedicated ssoSessions actuator endpoint. The endpoint must be exposed and enabled explicitly, and access should be restricted; the settings below limit it to requests from the listed client address:
management.endpoints.web.exposure.include=ssoSessions
management.endpoint.ssoSessions.enabled=true
cas.monitor.endpoints.endpoint.ssoSessions.access=IP_ADDRESS
cas.monitor.endpoints.endpoint.ssoSessions.required-ip-addresses=127.0.0.1
This actuator endpoint allows one to fetch all single sign-on sessions of a given type (ALL, DIRECT or PROXIED). Some sessions are established directly with CAS and some are created via proxy authentication. What's important here is that this endpoint requires the underlying ticket registry to be able to store, maintain and return the collection of tickets that represent single sign-on sessions. You will NOT be able to collect and review sessions if the ticket registry does not have this capability. Note also that the report identifies each session by its ticket-granting ticket and includes the authenticated principal and attributes; treat the output as sensitive and keep the endpoint reachable only from trusted administrative hosts.
Let’s play around with this a bit.
Fetch all active SSO sessions:
curl -X GET https://sso.example.org/cas/actuator/ssoSessions | jq
Fetch all active SSO sessions for a single user:
curl -X GET https://sso.example.org/cas/actuator/ssoSessions\?username\=casuser | jq
Destroy a single active SSO session:
curl -X DELETE https://sso.example.org/cas/actuator/ssoSessions/TGT-1-g2tM-TMc | jq
Destroy all active SSO sessions for a given user:
curl -X DELETE https://sso.example.org/cas/actuator/ssoSessions\?username\=casuser | jq
Destroy all active SSO sessions:
curl -X DELETE https://sso.example.org/cas/actuator/ssoSessions\?type\=ALL | jq
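The curl commands above cover the individual operations; an administrator usually wants to combine them, for example listing a user's sessions, picking the stale or proxied ones, and destroying each by its ticket-granting ticket. The script below is an added example (not code from the CAS project or the original post) that does exactly that against the same endpoint. It assumes the deployment URL https://sso.example.org/cas, that the client is already authorized by the IP_ADDRESS rule configured above, and that the GET report carries an activeSsoSessions list whose entries use the keys authenticated_principal, ticket_granting_ticket, authentication_date and is_proxied; those field names and the sample report are assumptions constructed for the example.

```python
"""Sweep CAS single sign-on sessions via the ssoSessions actuator endpoint.

Added example, not Apereo CAS project code. Assumptions:
  * BASE_URL is the CAS deployment and the actuator endpoint already accepts
    requests from this host (the IP_ADDRESS access rule from the post);
  * the GET report has an "activeSsoSessions" list with the (assumed) keys
    "authenticated_principal", "ticket_granting_ticket",
    "authentication_date" (ISO-8601, UTC) and "is_proxied".
"""
import json
import sys
import urllib.parse
import urllib.request
from datetime import datetime, timedelta, timezone

BASE_URL = "https://sso.example.org/cas"  # assumed deployment URL

# Constructed sample report standing in for a live GET /actuator/ssoSessions.
SAMPLE_REPORT = {
    "activeSsoSessions": [
        {"authenticated_principal": "casuser",
         "ticket_granting_ticket": "TGT-1-g2tM-TMc",
         "authentication_date": "2022-03-01T08:00:00Z", "is_proxied": False},
        {"authenticated_principal": "casuser",
         "ticket_granting_ticket": "TGT-2-abc/+=",
         "authentication_date": "2022-03-01T12:30:00Z", "is_proxied": True},
        {"authenticated_principal": "alice",
         "ticket_granting_ticket": "TGT-3-xyz",
         "authentication_date": "2022-02-27T09:15:00Z", "is_proxied": False},
    ],
    "totalTicketGrantingTickets": 3,
}


def fetch_report(base_url=BASE_URL, session_type="ALL"):
    """GET the session report for the given type (ALL, DIRECT or PROXIED)."""
    query = urllib.parse.urlencode({"type": session_type})
    with urllib.request.urlopen(f"{base_url}/actuator/ssoSessions?{query}",
                                timeout=10) as resp:
        return json.load(resp)


def _parse_utc(stamp):
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def select_sessions(report, username=None, proxied_only=False,
                    older_than_hours=None, as_of="2022-03-01T13:00:00Z"):
    """Return TGT ids of sessions matching every filter that was given.

    as_of is the reference time for the age filter (ISO-8601 UTC); it is a
    parameter so the selection is reproducible on the sample report.
    """
    now = _parse_utc(as_of)
    chosen = []
    for s in report.get("activeSsoSessions", []):
        if username is not None and s.get("authenticated_principal") != username:
            continue
        if proxied_only and not s.get("is_proxied", False):
            continue
        if older_than_hours is not None:
            age = now - _parse_utc(s["authentication_date"])
            if age < timedelta(hours=older_than_hours):
                continue
        chosen.append(s["ticket_granting_ticket"])
    return chosen


def delete_url(base_url, tgt):
    """Build the DELETE URL for one session.

    TGT ids are opaque strings; percent-encode them so characters such as
    '/', '+' or '=' cannot alter the path the DELETE is sent to.
    """
    return f"{base_url}/actuator/ssoSessions/{urllib.parse.quote(tgt, safe='')}"


def destroy(base_url, tgts, dry_run=True):
    """DELETE each selected session; in dry-run mode only report the URLs."""
    results = []
    for tgt in tgts:
        url = delete_url(base_url, tgt)
        if dry_run:
            results.append((url, "dry-run"))
            continue
        req = urllib.request.Request(url, method="DELETE")
        with urllib.request.urlopen(req, timeout=10) as resp:
            results.append((url, resp.status))
    return results


if __name__ == "__main__":
    # Pass --live to query and delete against the real endpoint; otherwise
    # the constructed sample is used and nothing is deleted.
    live = "--live" in sys.argv
    report = fetch_report() if live else SAMPLE_REPORT
    stale = select_sessions(report, older_than_hours=24)
    for url, status in destroy(BASE_URL, stale, dry_run=not live):
        print(status, url)
```

Run it without arguments to see which sessions would be destroyed; only the --live flag performs the DELETE calls, and even then the selection is made from the report first so the ticket identifiers sent back to CAS are exactly the ones it reported.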
If you have questions about the contents and the topic of this blog post, or if you need additional guidance and support, feel free to send us a note and ask about consulting and support services.
I hope this review was of some help to you and I am sure that both this post as well as the functionality it attempts to explain can be improved in any number of ways. Please feel free to engage and contribute as best as you can.
Happy Coding,