> > I have added the web flow actions which was mentioned earlier for the > 3.5.x(TerminateSessionAction.java --> public Event terminate(final > RequestContext context) . >
That alone is not sufficient. You need a decision state prior that transitions to the action on invalid ticket. > We have a account locked screen, which would be displayed when user enters > wrong password for certain number of attempts. > That suggests you have modified the login flow from what we ship. I suggest that you examine your custom flow to ensure that you do two things near the start of the flow: 1. Check for expired TGT (e.g. TicketGrantingTicketCheckAction) 2. Remove the CASTGC cookie on expired ticket (e.g. TerminateSessionAction) M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
