After the gatein session times out, the portlet's session is not invalidated. Consequently, the pages are still active and user can access lines that does not need gatein authentication. When CAS+LDAP is integrated with GateIn, such behavior may not be ideal. I need to reconfigure the GateIn to following behavior.
I am running GateIn 3.8.1 and CAS 4.0.4. Both GateIn and CAS are deployed on tomcat servers on two separate machines.
Please advise how to configure GateIn portlets. Appreciate your helps.