[jboss-jira] [JBoss JIRA] (AS7-5728) ClusteredSingleSignOn doesn't remove ssoId from sso cluster on Request.logout
SBS JIRA Integration (JIRA)
jira-events at lists.jboss.org
Thu Oct 11 06:48:03 EDT 2012
[ https://issues.jboss.org/browse/AS7-5728?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
SBS JIRA Integration updated AS7-5728:
--------------------------------------
Git Pull Request: https://github.com/jbossas/jboss-as/pull/3229 (was: https://github.com/jbossas/jboss-as/pull/3229)
Forum Reference: https://community.jboss.org/message/714392#714392
> ClusteredSingleSignOn doesn't remove ssoId from sso cluster on Request.logout
> -----------------------------------------------------------------------------
>
> Key: AS7-5728
> URL: https://issues.jboss.org/browse/AS7-5728
> Project: Application Server 7
> Issue Type: Bug
> Components: Clustering, Security
> Affects Versions: 7.1.3.Final (EAP)
> Reporter: Stian Thorgersen
> Assignee: Paul Ferraro
> Attachments: jboss-as-servlet-security.war
>
>
> Logging out a user with Request.logout doesn't work with clustered SSO. This is caused by ClusteredSingleSignOn.deregister(String) not removing the ssoId from the SSO cluster. The ClusteredSingleSignOn.sessionEvent removes it from both the local cache and the SSO cluster, so a workaround is to call Session.invalidate() prior to calling Request.logout().
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list