I am trying to test SS-Out in the following scenario. I have a thick client application that performs CAS operations, via an HTTP controller, to get a PGT. This application now wants to invoke a CAS protected Web Application. The thick client calls proxy to get the PT. The URL to the Web Application, with the PT, is passed on a different HTTP control. The SSO works fine. Now, when we call CAS logout, using the first HHTP Controller connection, the Web Application doesn’t get notified to log out.
====== Perhaps to lessen the confusion: APP A accessed by Browser A-- user logs in. We get the PGT. We issue proxy call to get the PT to call APP B. APP B accessed by Browser B-- We pass the PT on the URL, by-passing the authentication. Now on Browser A -- We call Cas Logout. APP A gets the Sign-Out request. APP B does not. Is this correct behavior? Or am I just missing something entirely? Looking through the SingleSignOutFilter.java class, It looks as though it looks through the HTTP Sessions for session with the ServiceTicket. Does AAP B have the ServiceTicket if the PT is passed on the URL? (*I believe the ServiceTicket and ProxyTicket are the same in 3.x anyway) Thanks, Randy -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
