[Mozilla Enterprise] disabling auto web single sign-on for GAS
Mike Kaply
mkaply at mozilla.com
Thu Jul 23 21:11:56 UTC 2020
On Wed, Jul 22, 2020 at 12:38 PM Hoang (US), Victor T <
victor.t.hoang at boeing.com> wrote:
> Hello all,
>
>
>
> My company is rolling out a new web single sign-on tool called GAS
> (general authentication Service). I could see this causing a problem where
> computers in our public environments which are shared by multiple people
> could be signed in as different user. For example, person A signs into
> their profile and then closes the browser. Person B opens up the browser,
> but person A’s credentials are still on the device because of the auto sign
> on functionalities of GAS.
>
>
>
> I’ve looked a bit and I know IE11 has an option called Integrated Windows
> Authentication. Some folks over at GAS also suggested to change a setting
> to disable Kerberos authentication, but wouldn’t that mean that no
> authentication happens at all? Perhaps theres a policy that I can leverage
> that clears everything first time loading (eg. Expiring cookies at session
> end perhaps?)
>
I just added a policy that will be in 78/ESR 78.1 that allows you to do
session cookies for particular domains. That might help here.
I'll let other folks chime in on the other stuff.
Mike
>
>
> Any suggestions appreciated!
>
>
>
> Victor
>
>
> _______________________________________________
> Enterprise mailing list
> Enterprise at mozilla.org
> https://mail.mozilla.org/listinfo/enterprise
>
> To unsubscribe from this list, please visit
> https://mail.mozilla.org/listinfo/enterprise or send an email to
> enterprise-request at mozilla.org with a subject of "unsubscribe"
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/enterprise/attachments/20200723/52f8071a/attachment.html>
More information about the Enterprise
mailing list