JJ,

There are two key concepts you need to consider. One is the CAS SSO Session which is effectively the amount of time the TGC will be valid (default I think is 8 hours). The other is Application Session which is specific to each individual application (app1, app2). These sessions (SSO and Application) are independent.
By invoking the {server}/cas/logout you effectively have ended your SSO session. However, any Application Sessions that are already in-flight will continue to be valid. Single-Sign Out describes a feature whereby CAS remembers what applications have requested authentication and does a call back on each one to invalidate any current Application Sessions when the user ends an SSO session with CAS. This approach has its problems and is not enabled by default out of the box.

So, yes you are seeing the expected CAS behavior.

Bill

--
William G. Thompson, Jr.
Senior Technologist - Development Information Systems
Office of Development, Princeton University
voice: 609.258.2655 | wthom...@princeton.edu

On Fri, Jan 16, 2009 at 3:03 PM, Jhonny John <tired_curi...@yahoo.com> wrote:
> CAS gurus,
>
> A newbie Q:
> I tried to figure out the behavior of CAS SSO (sign-on) and my browser
> is probably caching. Nevertheless, I wanted to clarify:
>
> I have two apps (app1, app2) that are protected by cas-clients and have a CAS
> 3.3.1 server.
> There are two browser instances (browser1 and browser2) that share cookies
> etc.
> When I authenticate with CAS server for the first time by trying to access
> either one of
> the apps, I see the TGC set correctly and also the ST in the url after the
> authentication.
> Now, with the other browser instance (browser2), I can access the app2
> as it naturally shares
> TGC.
>
> Now when I explicitly logout from the app2 in browser2 by invoking
> http://url/cas/logout,
> I do see the logout successful page but here is the confusion: In the
> browser1 I continue to
> have access to app1. Is this normal? (I guess so, as I did not use single sign
> out).
>
> How does CAS keep track of the apps and sign-outs when in single-sign-on
> mode? What is the
> expected behavior?
>
> Any pointers/docs highly appreciated as an aid to learn more on CAS.
>
> Thanks!
> JJ
>
> _______________________________________________
> Yale CAS mailing list
> cas@tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
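
The single sign-out callback described in the reply above, seen from the application side, as an added example that is not part of the original thread or the CAS project's code. It assumes the callback body is the SAML-style `LogoutRequest` whose `SessionIndex` carries the service ticket (ST) issued to that application; the class name, session ids and ticket values are constructed for illustration.

```python
# Added example (not CAS project code): application-side single sign-out handling.
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

def logout_request(service_ticket):
    """Constructed sample of the message CAS posts back to an application."""
    return (f'<samlp:LogoutRequest xmlns:samlp="{SAMLP}" ID="LR-constructed" '
            'Version="2.0" IssueInstant="2009-01-16T20:03:00Z">'
            '<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            '@NOT_USED@</saml:NameID>'
            f'<samlp:SessionIndex>{service_ticket}</samlp:SessionIndex>'
            '</samlp:LogoutRequest>')

class AppSessions:
    """One application's sessions, indexed by the ST that created each one."""
    def __init__(self):
        self._by_ticket = {}          # service ticket -> local session id
        self._active = set()          # live Application Sessions

    def login(self, session_id, service_ticket):
        self._active.add(session_id)
        self._by_ticket[service_ticket] = session_id

    def is_active(self, session_id):
        return session_id in self._active

    def handle_logout(self, body):
        """End the session named by <samlp:SessionIndex>; True if one was ended."""
        # The callback is untrusted input: bound its size and refuse DTDs/entities.
        if len(body) > 8192 or "<!DOCTYPE" in body or "<!ENTITY" in body:
            return False
        try:
            root = ET.fromstring(body)
        except ET.ParseError:
            return False
        if root.tag != f"{{{SAMLP}}}LogoutRequest":
            return False
        ticket = (root.findtext(f"{{{SAMLP}}}SessionIndex") or "").strip()
        session_id = self._by_ticket.pop(ticket, None)
        self._active.discard(session_id)
        return session_id is not None

def demo():
    app1, app2 = AppSessions(), AppSessions()
    app1.login("app1-sess", "ST-1-constructed")
    app2.login("app2-sess", "ST-2-constructed")
    before = (app1.is_active("app1-sess"), app2.is_active("app2-sess"))  # after /cas/logout alone
    app1.handle_logout(logout_request("ST-1-constructed"))               # CAS callback to app1
    app2.handle_logout(logout_request("ST-2-constructed"))               # CAS callback to app2
    return before, (app1.is_active("app1-sess"), app2.is_active("app2-sess"))
```

`demo()` returns the application-session state before and after the callbacks: both sessions survive a plain `/cas/logout`, and each ends only when its own application receives the request naming its ticket.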