[jboss-jira] [JBoss JIRA] (AS7-5728) ClusteredSingleSignOn doesn't remove ssoId from sso cluster on Request.logout
[
https://issues.jboss.org/browse/AS7-5728?page=com.atlassian.jira.plugin.s...
]
Stian Thorgersen updated AS7-5728:
----------------------------------
Description: Logging out a user with Request.logout doesn't work with clustered
SSO. This is caused by ClusteredSingleSignOn.deregister(String) not removing the ssoId
from the SSO cluster. The ClusteredSingleSignOn.sessionEvent removes it from both the
local cache and the SSO cluster, so a workaround is to call Session.invalidate() prior to
calling Request.logout(). (was: Logging out a user with Request.logout doesn't work
with clustered SSO. This is caused by ClusteredSingleSignOn.deregister(String) not remove
the ssoId from the SSO cluster. The ClusteredSingleSignOn.sessionEvent removes it from
both the local cache and the SSO cluster, so a workaround is to call Session.invalidate()
prior to calling Request.logout().)
ClusteredSingleSignOn doesn't remove ssoId from sso cluster on
Request.logout
-----------------------------------------------------------------------------
Key: AS7-5728
URL: https://issues.jboss.org/browse/AS7-5728
Project: Application Server 7
Issue Type: Bug
Affects Versions: 7.1.3.Final (EAP)
Reporter: Stian Thorgersen
Attachments: jboss-as-servlet-security.war
Logging out a user with Request.logout doesn't work with clustered SSO. This is
caused by ClusteredSingleSignOn.deregister(String) not removing the ssoId from the SSO
cluster. The ClusteredSingleSignOn.sessionEvent removes it from both the local cache and
the SSO cluster, so a workaround is to call Session.invalidate() prior to calling
Request.logout().
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira