[jboss-jira] [JBoss JIRA] (AS7-5728) ClusteredSingleSignOn doesn't remove ssoId from sso cluster on Request.logout
[
https://issues.jboss.org/browse/AS7-5728?page=com.atlassian.jira.plugin.s...
]
Stian Thorgersen updated AS7-5728:
----------------------------------
Git Pull Request: https://github.com/jbossas/jboss-as/pull/3229
ClusteredSingleSignOn doesn't remove ssoId from sso cluster on
Request.logout
-----------------------------------------------------------------------------
Key: AS7-5728
URL: https://issues.jboss.org/browse/AS7-5728
Project: Application Server 7
Issue Type: Bug
Affects Versions: 7.1.3.Final (EAP)
Reporter: Stian Thorgersen
Attachments: jboss-as-servlet-security.war
Logging out a user with Request.logout doesn't work with clustered SSO. This is
caused by ClusteredSingleSignOn.deregister(String) not remove the ssoId from the SSO
cluster. The ClusteredSingleSignOn.sessionEvent removes it from both the local cache and
the SSO cluster, so a workaround is to call Session.invalidate() prior to calling
Request.logout().
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira