Marvin, I don't understand what do you mean by "agent". And how do I "perform a GET on that resource" (that resource meaning remoteCAS?)? I was thinking may be I can call the remote logout url inside the LogoutController. but then I got confused: how does CAS know which sets of TGT and cookies to remove? My understanding is that there exits one set from the localCAS server, and a second set from the remoteCAS server. I was thinking the flow of events in this order: 1. User logs in to the localCAS 2. user accesses a service protected by the remoteCAS 3. remoteCAS trusts localCAS, so a TGT and cookie are sent to the users browser 4. user does his/her stuff, time to call it a day.. 5. user clicks logout button of localCAS 6. Inside LogoutController class, TGT and cookie from the remoteCAS is found and removed before finding and removing the localCAS server generated cookies. So I am stuck at #5, the first half. Thanks.
--- On Wed, 2012/4/18, Marvin S. Addison <[email protected]> wrote: > Looks like calling the /logout process like: > https://remoteCAS/logout > > won't do the job! Will it? Depends on the agent that goes there. If your agent is localCAS, then it will not work since it doesn't have the TGT to be invalided; however, everything will work as you hope if the user performs a GET on that resource in his/her browser. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
