CAS behavior
Jhonny John
tired_curious at yahoo.com
Fri Jan 16 15:03:19 EST 2009
CAS gurus,
A newbie Q:
I tried to figure out the behavior of CAS SSO (sign-on) and my browser
is probably caching. Nevertheless, I wanted to clarify:
I have two apps (app1, app2)that are protected by cas-clients and have a CAS 3.3.1 server.
There are two browser instances (browser1 and browser2) that share cookies etc.
When I authenticate with CAS server for the first time by trying to access either one of
the apps, I see the TGC set correctly and also the ST in the url after the authentication.
Now, with the other browser instance (browser2) , I can access the app2 as it naturally shares
TGC.
Now when I excplicitly logout from the app2 in browser2 by invoking http://url/cas/logout,
I do see the logout successful page but here is the confusion: In the browser1 I continue to
have access to app1. Is this normal? ['guess so as I did not use single sign out).
How does CAS keep track of the apps and sign-outs when in single-sign-on mode? what is the
expected behavior?
Any pointers/docs highly appreciated as an aid to learn more on CAS.
Thanks!
JJ
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20090116/e4b2e871/attachment.html
More information about the cas
mailing list