[jboss-jira] [JBoss JIRA] (AS7-5728) ClusteredSingleSignOn doesn't remove ssoId from sso cluster on Request.logout
Josef Cacek (JIRA)
jira-events at lists.jboss.org
Tue Jun 4 08:14:55 EDT 2013
[ https://issues.jboss.org/browse/AS7-5728?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Josef Cacek updated AS7-5728:
-----------------------------
Git Pull Request: https://github.com/wildfly/wildfly/pull/3229, https://github.com/wildfly/wildfly/pull/4588 (was: https://github.com/jbossas/jboss-as/pull/3229)
Small clean-up PR sent: https://github.com/wildfly/wildfly/pull/4588
> ClusteredSingleSignOn doesn't remove ssoId from sso cluster on Request.logout
> -----------------------------------------------------------------------------
>
> Key: AS7-5728
> URL: https://issues.jboss.org/browse/AS7-5728
> Project: Application Server 7
> Issue Type: Bug
> Components: Clustering, Security
> Affects Versions: 7.1.3.Final (EAP)
> Reporter: Stian Thorgersen
> Assignee: Paul Ferraro
> Fix For: EAP 6.1.0.Alpha (7.2.0.Final)
>
> Attachments: jboss-as-servlet-security.war
>
>
> Logging out a user with Request.logout doesn't work with clustered SSO. This is caused by ClusteredSingleSignOn.deregister(String) not removing the ssoId from the SSO cluster. The ClusteredSingleSignOn.sessionEvent removes it from both the local cache and the SSO cluster, so a workaround is to call Session.invalidate() prior to calling Request.logout().
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list