[jboss-jira] [JBoss JIRA] (AS7-5728) ClusteredSingleSignOn doesn't remove ssoId from sso cluster on Request.logout
[
https://issues.jboss.org/browse/AS7-5728?page=com.atlassian.jira.plugin.s...
]
Stian Thorgersen commented on AS7-5728:
---------------------------------------
Also see https://community.jboss.org/thread/194750
ClusteredSingleSignOn doesn't remove ssoId from sso cluster on
Request.logout
-----------------------------------------------------------------------------
Key: AS7-5728
URL: https://issues.jboss.org/browse/AS7-5728
Project: Application Server 7
Issue Type: Bug
Components: Clustering, Security
Affects Versions: 7.1.3.Final (EAP)
Reporter: Stian Thorgersen
Assignee: Paul Ferraro
Attachments: jboss-as-servlet-security.war
Logging out a user with Request.logout doesn't work with clustered SSO. This is
caused by ClusteredSingleSignOn.deregister(String) not removing the ssoId from the SSO
cluster. The ClusteredSingleSignOn.sessionEvent removes it from both the local cache and
the SSO cluster, so a workaround is to call Session.invalidate() prior to calling
Request.logout().
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira