I'm also facing some logout troubles. All the filters and the listener are implemented as in the example web application and as described in this thread. The client app is completely dependent on the credentials provided by the AssertionThreadLocalFilter , so if the assertion holder doesn't return an assertion anymore, the user shouldn't have access to the page anymore. Besides of course the fact, that the pages are protected by the CAS authentication filter anyway.
But if I fire a logout in CAS, no change appears in the client app whatsoever. Isn't CAS supposed to send a logout request to each service the user has registered with and the filter to remove the ticket so that another validation will fail? Please advice. Regards, Martin PS: Also, I can't get CAS to log anything? Which library is used and how do I configure it? Based on the example app I'd suppose it was log4j, but that doesn't seem to work. Am 05.05.2009 um 20:16 schrieb Marvin Addison: >> Is it okay that I am using this filter: >> org >> .jasig >> .cas.client.validation.Cas20ProxyReceivingTicketValidationFilter >> ? >> >> Or should I be using the SAML one? > > It's okay. The choice of ticket validation filter is independent of > the SingleSignOutFilter. > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
