We have an application in .NET using single sign-on. We have implemented CAS. Single sign-on works, but single sign-out does not work.
In web.config, the configuration for CAS is as follows:
<section name="casClientConfig" type="DotNetCasClient.Configuration.CasClientConfiguration, DotNetCasClient"/>

<casClientConfig
    casServerLoginUrl="http://aus-vc-bdpu-tl1.argous.com:8100/cas/login"
    casServerUrlPrefix=" http://au-vc-bdpu-tl1.argous.com:8100/cas"
    serverName="http://localhost:53124/"
    cookiesRequiredUrl="~/CookiesRequired.aspx"
    redirectAfterValidation="true" gateway="false" renew="false" singleSignOut="true"
    ticketTimeTolerance="50000000"
    ticketValidatorName="Saml11" proxyTicketManager="CacheProxyTicketManager"
    serviceTicketManager="CacheServiceTicketManager"
    gatewayStatusCookieName="CasGatewayStatus"/>
I added the code below to clear cookies in the logout function:
ClearAuthCookie();
string redirectPage = System.Configuration.ConfigurationSettings.AppSettings["CASurl"];
Response.Redirect(redirectPage, true);

public static void ClearAuthCookie()
{
    HttpContext current = HttpContext.Current;
    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName);
    cookie.Expires = DateTime.Now.AddMonths(-1);
    cookie.Domain = FormsAuthentication.CookieDomain;
    cookie.Path = FormsAuthentication.FormsCookiePath;
    current.Response.Cookies.Add(cookie);
}
I have two problems:
(1) On logout, the page gets redirected to the desired page, but if I go back to my application home page with the back button and click on the various links, the page navigates to the links instead of asking the user to log in. Thus the log off is not successful.
(2) When the user is on another application using single sign-on and logs off from that application, the user can still access the parent application, which is our web site. Thus single sign-out does not work.
Can you please suggest what I am missing here for this to work?
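
For reference, an added example (not part of the original post and not DotNetCasClient code): in the CAS protocol, single sign-out is a back-channel POST from the CAS server to each service carrying a `logoutRequest` document, and the service has to drop the server-side session for the service ticket named in it; expiring the browser cookie does not revoke anything on the server. `TicketStore`, `Demo` and the sample ticket are hypothetical names and values constructed for illustration.

```csharp
using System;
using System.Collections.Concurrent;
using System.IO;
using System.Linq;
using System.Xml;
using System.Xml.Linq;

// Hypothetical server-side session store keyed by CAS service ticket.
static class TicketStore
{
    static readonly ConcurrentDictionary<string, string> Sessions =
        new ConcurrentDictionary<string, string>();

    public static void Insert(string ticket, string user) { Sessions[ticket] = user; }
    public static bool IsValid(string ticket) { return Sessions.ContainsKey(ticket); }

    // Handles the value of the logoutRequest POST parameter sent by the CAS server.
    public static bool RevokeFromLogoutRequest(string logoutRequestXml)
    {
        if (string.IsNullOrEmpty(logoutRequestXml)) return false;
        XNamespace samlp = "urn:oasis:names:tc:SAML:2.0:protocol";
        // The body arrives over the network: refuse DTDs and external entities.
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        try
        {
            using (var reader = XmlReader.Create(new StringReader(logoutRequestXml), settings))
            {
                string ticket = XDocument.Load(reader).Descendants(samlp + "SessionIndex")
                                         .Select(e => e.Value.Trim()).FirstOrDefault();
                string removedUser;
                return !string.IsNullOrEmpty(ticket) && Sessions.TryRemove(ticket, out removedUser);
            }
        }
        catch (XmlException) { return false; } // malformed or DTD-bearing input
    }
}

static class Demo
{
    static void Main()
    {
        const string ticket = "ST-1-constructed-example"; // constructed sample value
        TicketStore.Insert(ticket, "alice");
        string post = "<samlp:LogoutRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" " +
            "ID=\"LR-1\" Version=\"2.0\"><samlp:SessionIndex>" + ticket +
            "</samlp:SessionIndex></samlp:LogoutRequest>";
        Console.WriteLine(TicketStore.IsValid(ticket));               // session is live after login
        Console.WriteLine(TicketStore.RevokeFromLogoutRequest(post)); // back-channel logout arrives
        Console.WriteLine(TicketStore.IsValid(ticket));               // a replayed cookie no longer maps to a session
    }
}
```

Every authenticated request has to be checked against the store (here `IsValid`), otherwise a cookie that is still held by the browser keeps working after the ticket has been revoked.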