Hi, We are trying to implement Single Sign On for our applications with a CAS server for authentication. The CAS server is setup on a different domain and the applications are in different domains. We face an issue with the logout functionality.
1) The CAS TGC cookie that gets set in the browser is not getting removed on calling of logout from CAS , though the TGT is destroyed in the server side as seen in the logs. Does CAS remove this from browser as well or it is the responsiblity of the user to manually remove the cookie. 2) Because of this issue, we are forced to close all instances of browsers which were open prior to the logout of CAS (including those that are not related to the CAS accessing sessions, say a browser where user is accessing internet) to be closed , in order to attempt for a fresh login. This is not an ideal scenario for users as this prevents multi tasking of users. Are we missing anything. Any pointers or guidance to this can help us resolve this issue. Thanks, Mckenzie -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
