On 16/07/13 15:12, Oliver Wulff wrote:
What is your expectation of a logout? If you don't have an IDP
component and instead authenticate against LDAP directly within
Tomcat, you'll lose your application http session and all data
stored in the application session is gone. When you access the
application again, you're prompted to enter username/password again
and a new application session is created. The purpose of single sign
on is that you got a session with the IDP and a session with each
application which you accessed since the login with the IDP. If you
"logout" from the application, the application session is gone, but
not the session with the IDP. There is also the concept of single
logout but this means that you log out from all the applications which
are accessed after the IDP session is created. Is this the
functionality you're looking for?

Thanks

My long term goal is to change the CAS authentication in my app with WS-Federation authentication.

I guess there isn't single sign out support yet. https://issues.apache.org/jira/browse/FEDIZ-19

What I need is a way to log out so when I'm requested my username and password again I can choose a different one. I also want to be able to log out and still use my application as an anonymous user. My app lets me do lots of things but it shows me less data than to an authenticated user in that case.

I don't think I'll be using Tomcat as the identity server. (There's an active directory here [https://186.33.232.65/] that I have to point to eventually).

If the single sign out is just a Fediz implementation limitation, but there's a way to log out from other implementations, then it's ok.
