I read that when I issue /logout command, it destroys the TGC that has been stored by the CAS server upon establishment of a SSO session. I assume the TGC is stored on the client side. But I also see that in CAS server logs, "something" is happening.. basically ticket TGT-XXX.. is being removed.
I am trying to explore a possibility where only removing local TGC would log me out from an SSO regime. But I don't know what happens that server side TGT-XXX? Would the ticket registry just grow and grow for each new SSO session? Even if there is a kind of garbage collection of ticket registries, how would the remote CAS server know if a user has deleted his or her TGC on the client side? My conclusion is that one needs to communicate with the server for the TGC removal, just removing the TGC on the clint side is not enough. Is it correct? Hope someone can demystify the logout process or point to some URLs. Thanks. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
