Hi, 1. No. It is wise to close the browser or Firefox: Tools -> Clear Recent History -> Active Logins.
2. Get the message out (saml 2.0) of the CAS server to remove the http session. 3. It's browser problem. To solve this problem we are developing a AuthenticationHandler that uses a Java applet to authenticate. Regards, Yuri On Tue, Jun 14, 2011 at 6:30 PM, Gabriel <[email protected]> wrote: > Hi all! > I'd read a lot of 'Cas SSOut' messages in these lists, but I think they > don't cover my case (correct me if I'm wrong): > > Once I am logged in my Liferay+custom apps using a x509 cert, I want to > click on a button that get me out, but, even after I called SSOut filter, > when I re-login without close the browser, it don't asks me for a x509 cert, > and it gets me in without any further validation. > > Questions: > 1) ¿There is a way to force CAS that once I invalidated a session, it ask > me for x509 cert again for login? or I MUST close browser before re-login? > 2) ¿What is the purpose of SSOut filter? > 3) It is a tomcat/browser/cas client version issue? > > My config: > Tomcat 7.0.12 > Java 6.0.24 > CAS server 3.4.6 > CAS client 3.1.10 > Liferay 6.0.5 > > tomcat server.xml https connectors: > <Connector SSLCACertificateFile="${catalina.home}/security/trust/chain.pem" > SSLCertificateFile="${catalina.home}/security/tomcat.pem" > SSLCertificateKeyFile="${catalina.home}/security/tomcat.key" > SSLEnabled="true" > SSLVerifyClient="optional" maxThreads="150" port="9443" > protocol="org.apache.coyote.http11.Http11AprProtocol" > scheme="https" secure="true" sslProtocol="TLS"/> > > <Connector SSLCertificateFile="${catalina.home}/security/tomcat.pem" > SSLCertificateKeyFile="${catalina.home}/security/tomcat.key" > SSLEnabled="true" SSLVerifyClient="no" > maxThreads="150" port="8443" > protocol="org.apache.coyote.http11.Http11AprProtocol" scheme="https" > secure="true" sslProtocol="TLS"/> > > cas related settings in Liferay's web.xml: > <filter> > <filter-name>CAS Single Sign Out Filter</filter-name> > > <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class> > </filter> > <filter-mapping> > <filter-name>CAS Single Sign Out Filter</filter-name> > <url-pattern>/*</url-pattern> > </filter-mapping> > <listener> > > > <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class> > </listener> > > Thanks in advance. Best regards. > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
