[
https://jira.jboss.org/jira/browse/GTNPORTAL-996?page=com.atlassian.jira....
]
Marek Posolda reopened GTNPORTAL-996:
-------------------------------------
Assignee: Sohil Shah
I am testing the fix with latest SSO stuff and solution works fine for JOSSO and OpenSSO.
But now I am seeing this problem with CAS. To simulate it I am using this configuration:
- GateIn is configured to use renew=false in all places (GenericSSOAgent in web.xml,
LoginRedirectFilter in web.xml, URL in login.jsp).
- CAS cookie is configured to be "visible" (This can be done by configuring CAS
in HTTPS environment or by changing CAS cookie to be non-secure in
TOMCAT_HOME/webapps/cas/WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml).
And doing these steps:
- Login user into GateIn with CAS
- Click to "Logout" in GateIn, the cookie CASTGC is not removed
- Click to "Sign in". User is directly logged again because of CASTGC cookie (he
directly receives new valid ticket from CAS without doing reauthentication).
So the only way to logout is manual deletion of the cookie from browser cookies.
GateIn+JOSSO integration: Problems with logout
----------------------------------------------
Key: GTNPORTAL-996
URL: https://jira.jboss.org/jira/browse/GTNPORTAL-996
Project: GateIn Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Affects Versions: 3.0.0-GA
Environment: GateIn-3.0.0-GA+JBoss 5.1 bundle (port 8080 for HTTP),
JOSSO-1.8.1+Tomcat 6.0.18 bundle (port 8888 for HTTP),
Reporter: Marek Posolda
Assignee: Sohil Shah
After integrating GateIn portal with JOSSO, I did these steps:
- Click to "Sign in" in GateIn
- Login as root in JOSSO console
- Logout in GateIn
- Click to "Sign in" link again. Now I am directly authenticated to GateIn
which is not correct to me because now I am not able to login as different user in this
web session.
Problem is that JOSSO cookie is not cleared from browser when doing logout from GateIn. I
am able to login as different user after clearing the cookie directly from web browser via
browser cookie manager.
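A check for the symptom reported above, as an added example that is not part of the original message or of GateIn's code: given the cookies the browser held before logout and the Set-Cookie headers captured from the logout responses, it lists the SSO cookies that were never expired. Only the cookie name CASTGC comes from the report; the paths, sample headers and function names are constructed assumptions.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

SSO_COOKIES = {"CASTGC"}  # name taken from the report; extend for other SSO servers

def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, lower-cased attribute dict)."""
    first, *rest = [part.strip() for part in value.split(";")]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0].strip(), attrs

def is_deletion(attrs, now):
    """True when the attributes make the browser discard the cookie."""
    if "max-age" in attrs:  # Max-Age takes precedence over Expires (RFC 6265)
        try:
            return int(attrs["max-age"]) <= 0
        except ValueError:
            pass  # malformed Max-Age is ignored, fall through to Expires
    try:
        expires = parsedate_to_datetime(attrs["expires"])
    except (KeyError, TypeError, ValueError):
        return False  # no usable expiry: the cookie is being set, not removed
    if expires.tzinfo is None:
        expires = expires.replace(tzinfo=timezone.utc)
    return expires <= now

def stale_sso_cookies(jar, logout_headers, now=None):
    """SSO cookies in `jar` (name -> path) that the logout responses left alive.
    A deletion counts only when name and Path match; Domain is not compared."""
    now = now or datetime.now(timezone.utc)
    deleted = set()
    for header in logout_headers:
        name, attrs = parse_set_cookie(header)
        if is_deletion(attrs, now):
            # A header without Path yields None and so never matches a stored path.
            deleted.add((name, attrs.get("path")))
    return sorted(n for n, p in jar.items() if n in SSO_COOKIES and (n, p) not in deleted)

# Constructed sample data (paths and header values are made up for illustration).
JAR = {"CASTGC": "/cas", "JSESSIONID": "/portal"}
PORTAL_ONLY = ["JSESSIONID=; Path=/portal; Max-Age=0"]
WRONG_PATH = PORTAL_ONLY + ["CASTGC=; Path=/; Max-Age=0"]
FULL_LOGOUT = PORTAL_ONLY + ["CASTGC=; Path=/cas; Expires=Thu, 01 Jan 1970 00:00:10 GMT"]
```

A non-empty result for a captured logout means the next "Sign in" can succeed without reauthentication, which is the behaviour described in the report.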