Hi there, I'm using cas 3.4.3, and I've casified two application, one with filter on web.xml, the other via Spring Security. It works fine, but when I logout from cas via "casserver/cas/logout" from the app with web.xml filter if I don't close the browser's window I'm still able to enter the application without being challenged. The application using Spring works correctly. I suppose the first application memorizes userprincipal in his application-session,what I don't understand is why, if the ticket is invalidated, I'm still able to obtain that resource without being challenged. Any Ideas?
This is the filter configuration : <!-- CAS CLIENT CONFIGURATION--> <filter> <filter-name>CAS Single Sign Out Filter</filter-name> <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class> </filter> <filter> <filter-name>CAS Authentication Filter</filter-name> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> <init-param> <param-name>casServerLoginUrl</param-name> <param-value>https://stc.test.me:9444/GESTUSER/login</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>https://stc.test.me:19443</param-value> </init-param> </filter> <filter> <filter-name>CAS Validation Filter</filter-name> <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>https://stc.test.me:9444/GESTUSER</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>https://stc.test.me:19443</param-value> </init-param> </filter> -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
