I'm currently using AS7 CRb1 and i'm trying to add some SSO to a couple web apps i have.
I've set up a security domain and added the <sso reauthenticate=false /> tag to my standalone.xml
and i've added
<security-domain>*******</security-domain>
<valve>
<class-name>org.apache.catalina.authenticator.SingleSignOn</class-name>
</valve>
to my jboss-web.xml
from one web.xml:
<login-config>
<auth-method>FORM</auth-method>
<realm-name>*******</realm-name>
<form-login-config>
<form-login-page>/login.jsf</form-login-page>
</form-login-config>
</login-config>
from the other web.xml
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/pages/Secure/login.jsp</form-login-page>
<form-error-page>/pages/Secure/login.jsp?error=true</form-error-page>
</form-login-config>
</login-config>
in both web apps i call response.login() and authenticate fine. logging into one will log the other site in as well.
the problem happens when i try to log out by call reponse.logout() it doesn't seem to work. i do not get an error in the console and code that redirects after the logout is called successfully.
i've tried to use just <sso /> but it actually disappears when loaded, and <sso reauthenticate=true/> but then sso doesn't work
i've noticed that when request.logout happens request.getPrincipal is null, but on the next request it is there again
thanks in advance for the help
-Luke
This is caused by a bug in the clustered SSO, see https://issues.jboss.org/browse/AS7-5728 for a workaround