Hi all,

I have a couple of applications implementing a Single Sign Out solution. When
the CAS server and CAS clients are running on the same box, everything works
as expected. When I log off one application, it also logs off the other
application. However, when I put them in a distributed environment, Single
Sign Out doesn't work correctly.

I am running cas-server-3.3.3 on boxA, and I have a Spring Security
application (app1) running on boxB using cas-client-3.1.6, and another
Spring Acegi application (app2) using cas-client-3.1.6, also on boxB. I have
configured the Single Sign Out filter and listener in the web.xml file for both apps
(http://www.ja-sig.org/wiki/display/CASC/Configuring+Single+Sign+Out). For
app1, I defined logout-success-url as "https://casserver:8443/cas/logout";
and for app2, I have custom code to invalidate the session variable and then
redirect to "https://casserver:8443/cas/logout" upon logout. Single Sign On
works correctly for both apps. However, if I have both app1 and app2
running, when I log out of app1, app1's session is invalidated, it logs out of
app1 and the logout-success-url is correctly displayed. But I can still browse
app2 without being challenged for credentials. The same thing happens if I
log out of app2: app1 still seems to be running fine.

From what I have learned, for a Spring Security application, when the user clicks
the following link to log out:
<a href='<c:url value="../j_spring_security_logout"/>'>Logout</a>
it will invalidate the user's session, and then it will be redirected to the
logout-success-url defined in the xml config file. Then the CAS server will send
out a request to the other applications to destroy the cache entry containing the
corresponding service ticket. I don't have a very deep understanding of
this process. It seems to me that when app1 logs out and triggers the CAS server
to log out, app2's SingleSignOutHttpSessionListener is not really
listening to the request sent out by the CAS server. Can someone correct me if I
am wrong?

Is there any configuration that I am missing? Please help! Another thing I
don't understand is why it works with no problem when the CAS server and client
applications are on the same box, in the same Tomcat server.

Thanks,

Xuejin
-- 
View this message in context: 
http://www.nabble.com/Single-Sign-Out-problem-tp24381456p24381456.html
Sent from the CAS Users mailing list archive at Nabble.com.
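The back-channel step described in the message above (the CAS server sending each application a request so it can drop the session tied to a service ticket), as an added example that is not part of the original post and is not the CAS client's own code. It is a Python model of the client-side handling of the `logoutRequest` POST; `SessionRegistry`, `sample_logout_request`, and all ticket and session values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

def sample_logout_request(ticket):
    """Constructed sample of the message CAS POSTs as form field 'logoutRequest'."""
    return (
        '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'ID="LR-constructed" Version="2.0" IssueInstant="2009-07-08T00:00:00Z">'
        '<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        '@NOT_USED@</saml:NameID>'
        f'<samlp:SessionIndex>{ticket}</samlp:SessionIndex>'
        '</samlp:LogoutRequest>'
    )

class SessionRegistry:
    """Hypothetical per-application map: service ticket -> local session id."""

    def __init__(self):
        self._by_ticket = {}
        self.live_sessions = set()

    def record(self, ticket, session_id):
        # Done at login, when the app validates the ?ticket=ST-... parameter.
        self._by_ticket[ticket] = session_id
        self.live_sessions.add(session_id)

    def handle_post(self, form):
        """Handle a POST to the service URL; return the destroyed session id or None."""
        body = form.get("logoutRequest")
        if not body or "<!DOCTYPE" in body:
            return None  # not a logout callback, or carries a DTD we refuse to parse
        try:
            root = ET.fromstring(body)
        except ET.ParseError:
            return None
        node = root.find(f"{{{SAMLP}}}SessionIndex")
        if node is None or not node.text:
            return None
        # Each app got its own service ticket, so each app needs its own callback.
        session_id = self._by_ticket.pop(node.text.strip(), None)
        if session_id is not None:
            self.live_sessions.discard(session_id)
        return session_id
```

Each application's session is destroyed only by the POST delivered to that application's own service URL, so an application that never receives its callback keeps its session live after the others are logged out.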