[jboss-jira] [JBoss JIRA] (AS7-5728) ClusteredSingleSignOn doesn't remove ssoId from sso cluster on Request.logout
Paul Ferraro (JIRA)
jira-events at lists.jboss.org
Tue Nov 20 10:13:21 EST 2012
[ https://issues.jboss.org/browse/AS7-5728?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Paul Ferraro updated AS7-5728:
------------------------------
Fix Version/s: 7.2.0.Alpha1
> ClusteredSingleSignOn doesn't remove ssoId from sso cluster on Request.logout
> -----------------------------------------------------------------------------
>
> Key: AS7-5728
> URL: https://issues.jboss.org/browse/AS7-5728
> Project: Application Server 7
> Issue Type: Bug
> Components: Clustering, Security
> Affects Versions: 7.1.3.Final (EAP)
> Reporter: Stian Thorgersen
> Assignee: Paul Ferraro
> Fix For: 7.2.0.Alpha1
>
> Attachments: jboss-as-servlet-security.war
>
>
> Logging out a user with Request.logout doesn't work with clustered SSO. This is caused by ClusteredSingleSignOn.deregister(String) not removing the ssoId from the SSO cluster. The ClusteredSingleSignOn.sessionEvent removes it from both the local cache and the SSO cluster, so a workaround is to call Session.invalidate() prior to calling Request.logout().
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list