tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Peter Crowther" <Peter.Crowt...@melandra.com>
Subject RE: SSO question
Date Fri, 11 Nov 2005 09:20:15 GMT
> From: Klotz Jr, Dennis [mailto:DKlotz@empirix.com] 
> Is it possible using LDAP, whether it is using custom JAAS code or a
> third party product such as Vintela's VSJ
> (http://www.vintela.com/products/vsj/), to do the following:
> 
> "... prevent, control or limit the simultaneous active usage 
> of the same
> user id. The number of simultaneous active sessions shall be settable
> per user id."
> 
> The show stopper for me is whether I can inform the LDAP 
> server when the
> user has logged out. The default JNDIRealm does not, to my knowledge,
> provide that ability. JNDIRealm is just for authenticating and role
> retrieval.

You *could* do something like this by storing a custom attribute in LDAP
and incrementing/decrementing that when a user logs in/out.  I'm not
sure where it'd get you, though, given users' distressing habits of
closing browsers without logging out of an app and hence leaving the
session open for a period.  That sounds like it's come straight out of a
requirements doc.  I'd ask who wrote the requirements doc, what's the
business reason behind that requirement, and can it be accomplished
another way?

		- Peter

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message