[jboss-jira] [JBoss JIRA] (AS7-5728) ClusteredSingleSignOn doesn't remove ssoId from sso cluster on Request.logout
Stian Thorgersen (JIRA)
jira-events at lists.jboss.org
Thu Oct 11 06:44:03 EDT 2012
[ https://issues.jboss.org/browse/AS7-5728?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12725546#comment-12725546 ]
Stian Thorgersen commented on AS7-5728:
---------------------------------------
Also see https://community.jboss.org/thread/194750
> ClusteredSingleSignOn doesn't remove ssoId from sso cluster on Request.logout
> -----------------------------------------------------------------------------
>
> Key: AS7-5728
> URL: https://issues.jboss.org/browse/AS7-5728
> Project: Application Server 7
> Issue Type: Bug
> Components: Clustering, Security
> Affects Versions: 7.1.3.Final (EAP)
> Reporter: Stian Thorgersen
> Assignee: Paul Ferraro
> Attachments: jboss-as-servlet-security.war
>
>
> Logging out a user with Request.logout doesn't work with clustered SSO. This is caused by ClusteredSingleSignOn.deregister(String) not removing the ssoId from the SSO cluster. The ClusteredSingleSignOn.sessionEvent removes it from both the local cache and the SSO cluster, so a workaround is to call Session.invalidate() prior to calling Request.logout().
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list