CAS gurus, A newbie Q: I tried to figure out the behavior of CAS SSO (sign-on) and my browser is probably caching. Nevertheless, I wanted to clarify:
I have two apps (app1, app2)that are protected by cas-clients and have a CAS 3.3.1 server. There are two browser instances (browser1 and browser2) that share cookies etc. When I authenticate with CAS server for the first time by trying to access either one of the apps, I see the TGC set correctly and also the ST in the url after the authentication. Now, with the other browser instance (browser2) , I can access the app2 as it naturally shares TGC. Now when I excplicitly logout from the app2 in browser2 by invoking http://url/cas/logout, I do see the logout successful page but here is the confusion: In the browser1 I continue to have access to app1. Is this normal? ['guess so as I did not use single sign out). How does CAS keep track of the apps and sign-outs when in single-sign-on mode? what is the expected behavior? Any pointers/docs highly appreciated as an aid to learn more on CAS. Thanks! JJ
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
