Project

General

Profile

Actions

Task #3341

closed

Implement Single Log-Out system

Added by André Littoz about 4 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Category:
Single Sign-On
Target version:
Team - Q3/2021
Start date:
Due date:
% Done:

0%

Tags:

Description

Currently participating in the experiment to evaluate replacement of AskBot (AskLO) with Discourse.

Until authorised to submit tickets to Redmine, I only had access to Discourse (single session configuration).

I disconnected from the Discourse session by using the menu command associated with "avatar" at top right of screen (labeled Log Out). I was effectively disconnected but some token (cookie?) remained on my computer.

Next time I logged in, I did not need to enter manually my credentials as the token was automatically used (even if my computer was rebooted to make sure I started afresh).

This has security implication for me: anybody able to log into my computer account can then log into my Discourse (or SSO) account without the need to validate credentials. This is not really important for my desktop, but may be serious for my laptop which is sometimes left unattended in meeting rooms.

Guilhem Moulin provided me a link to fully disconnect from SSO, but this is inconvenient (I'll try to put it in a bookmark to have it at hand).

Is is possible to have a second menu command with another label (making clear it will cause a full and complete disconnection) for this purpose?

I understand there has been a long and dense debate about SSO and that my wish may cause service disruption (closing other simultaneously active sessions).

In case this is relevant, all my computers run under Fedora Linux and browser is Firefox.

Actions

Also available in: Atom PDF