[cas-dev] CAS logout
Jennifer Yang
jyoonyang at gmail.com
Tue Jul 25 21:36:36 EDT 2006
Hello,
I am trying to implement logout.
I found the following thread, but I am not seeing the same behavior.
http://tp.its.yale.edu/pipermail/cas/2005-February/001010.html
According to this, hitting /cas/logout should prevent the previously
authenticated user from accessing another webapp without signing on again.
Here is what I tried and the behavior.
I have two webapps (using jsp-examples and servlet-examples supplied by
Tomcat) both setup to use CASFilter.
1. I enter one of the jsp-examples url in the browser.
2. I get JA-SIG login page and I log in successfully.
3. I get redirected to the jsp-examples I was trying access in step 1.
4. I logoff via /cas/logout and get a JA-SIG "successfully logged off".
5. I enter one of the servlet-examples (a different webapp from step 1). I
expected to get another JA-SIG login page, but I get my servlet-examples
without being re-authenticated.
Am I missing something?
Also, what is the best way to implement single-sign-out?
Thanks very much!
--Jennifer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20060725/0bd191b8/attachment.html
More information about the cas-dev
mailing list