9 Replies Latest reply on Nov 14, 2006 5:40 PM by soshah

    Logout Issue

      Hi,

      I have 2 applications on 2 different servers. If I log out from one application and go to the other, I can still successfully log in to the other application.

      I think if I log out from the first application I should not be able to log in to the second application.


      The other problem is that now, from the second application, if I go back to the first application, I again get a principal in the first application from request.getUserPrincipal(). Everything runs OK again, but the moment I put anything into the session it throws an exception saying that this session is already invalidated, which is true because I invalidated the session when I logged out from the first application.

      Is there anything we can do? I mean, when I log out from any application, I should be logged out from all applications?

      Thanks
      Nipun

        • 1. Re: Logout Issue
          soshah

          Nipun-

          What you are suggesting is correct and it should work.

          Let me run the Federated Logout use case on my machine and make sure there is no SSO Logout related bug.


          Btw, are the two applications in the same web domain?

          If you are invalidating your session on any of the applications, you should be logged out on all other applications automatically.

          Let me look into this.

          Thanks
          Sohil

          • 2. Re: Logout Issue

            Hi

            Thanks for your response Sohil, really appreciate it.

            Yes, both the applications are on the same domain.

            Thanks again for your help

            Regards
            Nipun

            • 3. Re: Logout Issue

              Hi Sohil


              I think I found the error, it was on my end. The logout URL defined inside context.xml was not correct. But again, I think there is one thing: on Application A I have to log out at least 2 times, that is,

              let's say I have the logout URL as http://mydomain.com:8080/myapplication/logout.jsp and in logout.jsp I have the session.invalidate() method.

              I have to hit this URL at least 2 times if I want my partner application to also log out, i.e. after hitting this logout page twice, if I go to my partner application, my partner application will show the SSO logout page and will log out. But if I just say logout and go to my partner application, it will still show me the same user. Or maybe I should wait for some seconds before I go to my partner web app.

              Thanks again for your help

              Regards
              Nipun

              • 4. Re: Logout Issue
                soshah

                Nipun-

                Try waiting like 5 seconds to hit the next application. If that doesn't work, clear out your cookies (generated by these applications), restart the browser and run the scenario again.

                Let me know what you find out. And yes, the logout URL is important for SSO logout in context.xml.

                So-

                1/ Only a single hit to the logout should be sufficient. If you consistently run into this issue of two logout hits, then this may be a bug I need to look into. Can you post your cookie list after hitting the logout just once?

                Thanks
                Sohil

                • 5. Re: Logout Issue

                  Hi Sohil

                  Thanks for your response

                  I cross-checked it twice and started fresh after deleting all the cookies. Here is what I found out about cookies:

                  1) Application after I log in I can see one cookie for my domain "token"

                  2) Now from the same browser I go to Application B, automatically get logged in to Application B, and the cookie is still "token" for my domain

                  3) I log out from Application B and after that the "token" cookie is deleted under the domain.

                  4) I go back to Application A and again I automatically log in, and this time I again see the "token" cookie for my domain

                  5) I go back to Application B and again I get logged in automatically; the token cookie is regenerated

                  Note: All above steps are done with a 5 sec delay

                  Now

                  6) On Application B I log out (in the logs I can see I am calling session.invalidate() and after that request.getUserPrincipal becomes null).
                  After logging out, the token cookie is now deleted from the browser. I again type the logout URL in the browser for Application B and send the page again to the logout page, i.e. I did logout 2 times


                  7) Now I go back to Application A and now I see the 'SSO Logout...' message on screen (I believe that this message is internal as I am not printing it anywhere), and after that my logout page of Application A is called.

                  So I am sure that I have to do logout twice and only then am I logged out from all partner applications.

                  Waiting for your response

                  Regards
                  Nipun

                  • 6. Re: Logout Issue
                    soshah

                    Looks like you are performing all the right steps. Not sure at this point what the issue could possibly be with two logouts... it's the same logic executed in both cases.

                    Just to make sure your configuration is right: is this the way it's set up?

                    1/ context.xml in application A points to the logout URL of application A and not of B

                    2/ context.xml in application B points to the logout URL of application B and not of A.

                    Here is what my logout.jsp looks like in the demo app:

                    <%@page contentType="text/html" language="java"%>
                    <%
                     response.setHeader("Cache-Control", "no-cache, must-revalidate");
                     response.setHeader("Pragma","no-cache");
                    %>
                    
                    <%
                     request.getSession().invalidate();
                     response.sendRedirect("index.jsp");
                    %>
                    
                    


                    Btw, is there any way for you to capture the HTTP traffic being sent to the web server when following these steps? This will give more visibility into the sequence of steps being performed.

                    Thanks
                    Sohil

                    • 7. Re: Logout Issue
                      soshah

                      Btw, can you also confirm that in application B, when you log out for the first time, the request.getUserPrincipal is null just like the second time you log out?

                      • 8. Re: Logout Issue

                        Hi Sohil

                        Thanks for your response

                        Yes, context.xml is correct; Application A context.xml points to the Application A logout page only.

                        Let me try to set headers in my logout pages.

                        Regarding HTTP traffic, I believe I have a tool to capture it or I will download it.

                        Let me try these two things quickly.


                        Thanks again for your response
                        nipun

                        • 9. Re: Logout Issue
                          soshah

                          Yeah, a Firefox plugin has a way to capture live headers.
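
Added example, not part of the thread or of the SSO product discussed: a check over captured HTTP headers for the behaviour reported in reply 5, where the "token" cookie is deleted at logout and then set again by the partner application. The capture layout, the /appA and /appB paths, the cookie values and the j_security_check login marker are assumptions made for the illustration.

```python
# Constructed capture: exchanges separated by "---", request lines first,
# then the response status line and headers.
CAPTURE = """\
GET /appB/logout.jsp HTTP/1.1
Host: mydomain.com:8080
Cookie: token=abc123; JSESSIONID=B1
HTTP/1.1 302 Found
Set-Cookie: token=; Max-Age=0; Path=/
Location: index.jsp
---
GET /appA/index.jsp HTTP/1.1
Host: mydomain.com:8080
Cookie: JSESSIONID=A1
HTTP/1.1 200 OK
Set-Cookie: token=def456; Path=/
"""

def parse_exchanges(text):
    """Yield (request_path, [Set-Cookie header values]) per exchange."""
    for block in text.strip().split("\n---\n"):
        lines = block.strip().splitlines()
        path = lines[0].split()[1]
        yield path, [l.split(":", 1)[1].strip() for l in lines[1:]
                     if l.lower().startswith("set-cookie:")]

def parse_set_cookie(raw):
    """Split a Set-Cookie value into (name, value, lower-cased attributes)."""
    first, *rest = [p.strip() for p in raw.split(";")]
    name, _, value = first.partition("=")
    attrs = {k.strip().lower(): v.strip()
             for k, _, v in (p.partition("=") for p in rest)}
    return name.strip(), value.strip(), attrs

def token_reissued_after_logout(text, cookie="token", logout_marker="logout.jsp",
                                login_marker="j_security_check"):  # assumed login path
    """Paths whose response set the SSO cookie again after a logout response
    deleted it (empty value or Max-Age=0), with no login request in between."""
    logged_out, findings = False, []
    for path, set_cookies in parse_exchanges(text):
        if login_marker in path:
            logged_out = False  # a fresh login legitimately reissues the cookie
        for name, value, attrs in map(parse_set_cookie, set_cookies):
            if name != cookie:
                continue
            deleted = value == "" or attrs.get("max-age") == "0"
            if deleted and logout_marker in path:
                logged_out = True
            elif not deleted and logged_out:
                findings.append(path)
    return findings
```

A non-empty result lists the requests where a single logout did not hold across the partner applications; deletions signalled only through a past Expires date are not detected by this check.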