I'm having similar problems with JBoss 3.2.6 when I'm trying to logout a user. I have Tomcat SSO enabled. Here's a log printout of what's happening:
09:22:28,173 INFO [STDOUT] logoutSession get principal 09:22:28,173 INFO [STDOUT] logoutSession principal: testuser 09:22:28,173 INFO [STDOUT] JSESSIONIDSSO is removed, redirecting to Welcome page. 09:22:28,183 INFO [STDOUT] getAuthenticationCachePrincipals before flush: [testuser] 09:22:28,183 INFO [STDOUT] getAuthenticationCachePrincipals after flush: [] 09:22:28,183 INFO [STDOUT] SMWelcomeForm constructor end 09:22:28,203 INFO [Engine] SingleSignOn[localhost]: Process request for '/Welcome.faces' 09:22:28,213 INFO [Engine] SingleSignOn[localhost]: Checking for SSO cookie 09:22:28,213 INFO [Engine] SingleSignOn[localhost]: Checking for cached principal for F34A9CDB06E28C1717F229131FC4FAC3 09:22:28,213 INFO [Engine] SingleSignOn[localhost]: Found cached principal 'testuser' with auth type 'FORM' 09:22:28,213 INFO [Engine] SingleSignOn[localhost]: Associate sso id F34A9CDB06E28C1717F229131FC4FAC3 with session StandardSession[4A91ACBA9C484E245E1817D9E0385260] So the jboss authentication cache flush seems to work correctly but the SingleSignonValve still allows login without re-authentication. How can the re-authentication be forced with SSO enabled? Regards, Mika Koskinen View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3872683#3872683 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3872683 ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user