Anyone have experience with Single Sign Out on OAS running multiple
containers?
Here's what I'm experiencing:
Our development OAS server is only running one container for the Java
apps. That means that every request of that machine grabs from that same
container. That also means that a user accessing multiple apps on that
server within the same browser session pulls from the same server
session. I have a single logout page set up in a common shared web
application (Acl). I test with a sample CAS application (casTest) to log
in and view content. When I click the logout link in the casTest
application it goes to the Acl application which does its local logout
thing of invalidating the server session and redirecting to CAS logout.
Coming back to the casTest application after this proves that I am
logged out as does the server opmn logs.
In the same manner, going to the casTest application, logging in,
navigating around, then going directly to the CAS logout page (by typing
the logout URL), also logs me out. Thus, Single Sign Out works on a
single container OAS server!
Now our test OAS server that has 4 OC4J containers... Following the same
steps of logging into the casTest application, then clicking the Logout
link which takes me to the Acl application for logout (session
invalidation) and redirect to CAS does not yield the same results. The
reason is that it is a crapshoot if the request to Acl will grab the
server session from the same container that my casTest application
requests were being handled by. I am able to verify this by watching the
logs of each container. So far in all my tests the casTest application
gets session out of one container and the Acl application gets session
out of another container. So when Acl invalidates the session (for local
logout), it invalidates the session in that container, but not in the
container the casTest requests are being handled in. So logout doesn't
even work now.
Now apply all this to Single Sign Out. The Single Sign Out broadcast is
sent to the Java server; the problem is, which container receives it?
And is that the same container the user has been operating out of with
their browser session? Again, it's a crapshoot. So Single Sign Out
doesn't work when multiple containers are used.
I've done some research into invalidating sessions for all containers in
these situations and am not coming up with anything yet. This is why I'm
sending this email to see if any of you have any ideas to "solve" this.
Any help/pointers would be greatly appreciated.
Thanks,
Chad
--
------------------------------------------------------------------------------
Chad M Wittrock (chad.wittr...@uni.edu)
Systems Analyst/Web Apps
University of Northern Iowa
(319) 273-7437
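
Added example, not part of the original message: a simplified Python model of the failure described above, where the CAS logout callback reaches one container while the session lives in another. It assumes each container keeps its own in-memory ticket-to-session map; the container names, ticket value and the `deliver_to_all` fan-out are constructed for illustration and are not OAS or CAS client APIs.

```python
# Simplified model (assumption): every container holds its own in-memory
# session store, and the CAS logout callback carries only the service ticket.

class Container:
    def __init__(self, name):
        self.name = name
        self.sessions = {}    # session id -> attributes
        self.by_ticket = {}   # service ticket -> session id

    def login(self, session_id, ticket, user):
        self.sessions[session_id] = {"user": user}
        self.by_ticket[ticket] = session_id

    def logout_callback(self, ticket):
        """Invalidate the session tied to this ticket; True if it lived here."""
        session_id = self.by_ticket.pop(ticket, None)
        if session_id is None:
            return False      # this container never saw the ticket
        self.sessions.pop(session_id, None)
        return True

    def is_logged_in(self, session_id):
        return session_id in self.sessions


def deliver_to_one(containers, index, ticket):
    """The situation in the message: the callback reaches a single container."""
    return containers[index].logout_callback(ticket)


def deliver_to_all(containers, ticket):
    """Hypothetical fan-out: relay the callback to every container."""
    return [c.name for c in containers if c.logout_callback(ticket)]


def run_demo():
    """Return whether the user's session survives under each delivery mode."""
    survives = {}
    for mode in ("one", "all"):
        containers = [Container(f"oc4j-{i}") for i in range(4)]  # constructed
        home = containers[2]                   # container serving the browser
        home.login("sess-A", "ST-constructed-1", "user1")
        if mode == "one":
            deliver_to_one(containers, 0, "ST-constructed-1")    # wrong container
        else:
            deliver_to_all(containers, "ST-constructed-1")
        survives[mode] = home.is_logged_in("sess-A")
    return survives


if __name__ == "__main__":
    print(run_demo())
```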