Hi,

We have the same kind of issues.

An old post of mine (which is still unanswered) describes the same kind
of security issue.

Our configuration is:

CAS 3.3.3
RememberMe feature
JpaTicketRegistry
Liferay portal with the edu.yale CAS client and other CAS-ified PHP software.

"This happens only in some rare circumstances" for us too.
"I must restart the browser and even remove the cookies." for us too.

Liferay discussion:
http://www.liferay.com/community/forums/-/message_boards/message/4621384

We don't have a load-balanced architecture.

Thank you in advance.

2010/3/26 Marvin Addison <[email protected]>

> > it's a security issue for us since a user could log in as the previous
> > user.
>
> Only if they're using the same browser since both CAS application
> state and application session state are based on cookies.  Is this a
> kiosk environment?  The best practice has been and continues to be
> closing the browser when finished with an SSO session.  I realize that
> modern browsers that keep components memory-resident take away from
> this recommendation, but it's the best we have.
>
> > I don't think it's a network issue, since both apps and CAS are all on
> > the same host, so I think it could be a configuration problem of some
> > sort.
>
> I would recommend you turn up the logging on both the CAS server and
> troublesome application to ensure that CAS is sending the
> LogoutRequest and that it is being received by the application.  There
> is a very prominent message (WARN, I believe) if the CAS server has
> connection problems sending the message.  It will also be logged on
> the client if you're using the Jasig Java CAS client.  I believe other
> CAS clients log it as well.
>
> M
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
-- 
Jérôme Rautureau
Systems Developer - CdA La Rochelle

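For readers following Marvin's suggestion to verify that the LogoutRequest is actually sent and acted on, here is a worked illustration of that exchange. It is added example code, not code from the CAS project, the Jasig client or anyone in this thread. It assumes the CAS 3.x single-logout message (a samlp:LogoutRequest POSTed in a form parameter named `logoutRequest`, with the service ticket in SessionIndex), an in-memory ticket-to-session store on a single application node, and constructed ticket and session identifiers; the function and class names are mine.

```python
"""Minimal CAS single-logout (SLO) round trip: server-side message
construction and the client-side handler that must find and kill the
application session.  Example code, not the CAS project's own.

Assumed (not confirmed by the thread): the CAS 3.x message format below,
a single-node in-memory mapping store, and the constructed identifiers
used in the usage at the bottom."""
import logging
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from typing import Dict, Optional
from xml.sax.saxutils import escape

log = logging.getLogger("cas.slo")

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"


def build_logout_request(service_ticket: str) -> str:
    """Server side: the body CAS POSTs (form field 'logoutRequest') to a
    service when the SSO session that issued `service_ticket` is destroyed."""
    issued = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return (
        f'<samlp:LogoutRequest xmlns:samlp="{SAMLP}" '
        f'ID="LR-{secrets.token_hex(8)}" Version="2.0" IssueInstant="{issued}">'
        f'<saml:NameID xmlns:saml="{SAML}">@NOT_USED@</saml:NameID>'
        f'<samlp:SessionIndex>{escape(service_ticket)}</samlp:SessionIndex>'
        "</samlp:LogoutRequest>"
    )


class SessionMappingStorage:
    """Client side: remembers which application session was created for
    which service ticket, so a later LogoutRequest can locate it.
    (Hypothetical in-memory store; a real client persists this per node.)"""

    def __init__(self) -> None:
        self.session_by_ticket: Dict[str, str] = {}
        self.active_sessions: Dict[str, str] = {}  # session id -> user

    def record(self, service_ticket: str, session_id: str, user: str) -> None:
        # Must run right after ticket validation; if this step is skipped
        # or misordered, SLO can never find the session to invalidate.
        self.session_by_ticket[service_ticket] = session_id
        self.active_sessions[session_id] = user

    def invalidate_by_ticket(self, service_ticket: str) -> Optional[str]:
        session_id = self.session_by_ticket.pop(service_ticket, None)
        if session_id is not None:
            self.active_sessions.pop(session_id, None)
        return session_id


def extract_session_index(logout_request_xml: str) -> Optional[str]:
    """Pull the service ticket out of a LogoutRequest; None if malformed."""
    try:
        root = ET.fromstring(logout_request_xml)
    except ET.ParseError as exc:
        log.warning("SLO: unparseable logoutRequest (%s)", exc)
        return None
    if root.tag != f"{{{SAMLP}}}LogoutRequest":
        log.warning("SLO: unexpected root element %s", root.tag)
        return None
    index = root.find(f"{{{SAMLP}}}SessionIndex")
    if index is None or not (index.text or "").strip():
        log.warning("SLO: LogoutRequest without SessionIndex")
        return None
    return index.text.strip()


def handle_logout_request(storage: SessionMappingStorage,
                          logout_request_xml: str) -> Optional[str]:
    """What the application's SLO handler does with the POSTed parameter.
    Returns the session id it invalidated, or None when nothing was
    invalidated, which is exactly the case that leaves the previous
    user's application session alive for the next person at the browser."""
    ticket = extract_session_index(logout_request_xml)
    if ticket is None:
        return None
    session_id = storage.invalidate_by_ticket(ticket)
    if session_id is None:
        log.warning("SLO: no application session mapped to %s; any existing "
                    "session in this browser survives the logout", ticket)
        return None
    log.info("SLO: invalidated session %s for ticket %s", session_id, ticket)
    return session_id


if __name__ == "__main__":
    # Constructed identifiers for a stand-alone run.
    store = SessionMappingStorage()
    store.record("ST-1-abc-cas", "JSESSIONID-1", "alice")
    request = build_logout_request("ST-1-abc-cas")
    print("invalidated:", handle_logout_request(store, request))
    print("second delivery:", handle_logout_request(store, request))
```

The two WARN branches are the ones worth grepping for when the symptom from this thread appears: a parse failure means the message reached the application but not in the expected shape, and a missing mapping means the ticket was never recorded against a session (or was recorded on a different node), so the logout request arrived and was silently useless.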