After the GateIn session times out, the portlet's session is not invalidated. Consequently, the pages are still active and the user can access lines that do not need GateIn authentication. When CAS+LDAP is integrated with GateIn, such behavior may not be ideal. I need to reconfigure GateIn to the following behavior:
GateIn portal obtains authentication from CAS when the user signs on to access the portal.
If the CAS user is not registered in GateIn, the CAS user can view content that does not need GateIn credentials.
When the GateIn session times out, the user will need to obtain new authentication from CAS. Therefore all portlets' sessions have to be ended as well.
I am running GateIn 3.8.1 and CAS 4.0.4. Both GateIn and CAS are deployed on Tomcat servers on two separate machines.
Please advise how to configure GateIn portlets. I appreciate your help.