>I have also added > SingleSignOut filter as described here in my > web.xml: http://www.ja-sig.org/wiki/display/CASC/Configuring+Single+Sign+Out
You've added it, but have you verified it works correctly? Single sign-out works by CAS making a connection to the client application and posting a SAML LogoutRequest message. That means CAS must be able to make a connection to the client using the service URL and the certificate presented by the client must be trusted by CAS. You can easily verify the LogoutRequest message is sent successfully by examining the CAS server logs. If you're using localhost URLs, it's very likely CAS can't determine the client hostname in order to post the LogoutRequest message, which would explain why your application session is not destroyed as expected. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
