[jboss-jira] [JBoss JIRA] Commented: (JBPORTAL-1848) Portal CAS integration does not invalidate the CAS token
Sohil Shah (JIRA)
jira-events at lists.jboss.org
Thu Jan 31 01:27:59 EST 2008
[ http://jira.jboss.com/jira/browse/JBPORTAL-1848?page=comments#action_12397607 ]
Sohil Shah commented on JBPORTAL-1848:
--------------------------------------
The CAS Logout functionality is now added.
However, it must be noted that the CAS system recommends that you close your browser after performing the Logout.
With my testing I noticed that if the browser is not closed and re-opened, when a new authenticated portal session is created by CAS, the CAS ticket issued is invalid and you cannot login to the portal even with a valid username and password.
This is a limitation of the CAS system
> Portal CAS integration does not invalidate the CAS token
> --------------------------------------------------------
>
> Key: JBPORTAL-1848
> URL: http://jira.jboss.com/jira/browse/JBPORTAL-1848
> Project: JBoss Portal
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Portal Identity
> Affects Versions: 2.6.2 Final, 2.6.3 Final, Identity-1.0
> Reporter: Sohil Shah
> Assigned To: Sohil Shah
> Fix For: 2.6.4 Final, Identity-1.1
>
>
> When a user logs out of Portal, the CAS token still stays alive and upon next Portal request, performs automatic authentication.
> End result is, user can never log out
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list