[
https://jira.jboss.org/jira/browse/GTNPORTAL-996?page=com.atlassian.jira....
]
Sohil Shah resolved GTNPORTAL-996.
----------------------------------
Resolution: Done
CAS is fixed.
Note: CAS logout screen does not support an auto redirect back. Instead it provides a
parameterized link on the logout screen. The user has to click on that link to get back
to their original web app. (They frown upon this practice, but this looks like the middle
ground.)
This is not a CAS bug. It's by design. They argue that when you log out you should really
close out your browser for security reasons. Because if you log out of one site, it does
not necessarily mean you are logged out from other sites. So someone can go into browser
history and gain access to your account on other sites that are part of the SSO network.
GateIn+JOSSO integration: Problems with logout
----------------------------------------------
Key: GTNPORTAL-996
URL: https://jira.jboss.org/jira/browse/GTNPORTAL-996
Project: GateIn Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Affects Versions: 3.0.0-GA
Environment: GateIn-3.0.0-GA+JBoss 5.1 bundle (port 8080 for HTTP),
JOSSO-1.8.1+Tomcat 6.0.18 bundle (port 8888 for HTTP)
Reporter: Marek Posolda
Assignee: Sohil Shah
After integrating GateIn portal with JOSSO, I did these steps:
- Click "Sign in" in GateIn
- Log in as root in the JOSSO console
- Log out in GateIn
- Click the "Sign in" link again. Now I am directly authenticated to GateIn,
which is not correct to me because now I am not able to log in as a different user in this
web session.
The problem is that the JOSSO cookie is not cleared from the browser when logging out from GateIn. I
am able to log in as a different user after clearing the cookie directly from the web browser via
the browser cookie manager.