[
https://issues.apache.org/jira/browse/JSPWIKI-643?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14133963#comment-14133963
]
Alessio Stalla commented on JSPWIKI-643:
----------------------------------------
I stumbled upon this issue as well - just letting you know that if you happen
to run on a Servlet 3.x container (Tomcat since version 7) there's a standard
way to solve the problem, that is to call request.logout().
As a quick hack I did it in Logout.jsp to avoid rebuilding the wiki from
source, but ideally the authentication manager could check for the presence of
the logout method and call it via reflection if available (to avoid a hard
dependency on version 3+ of the Servlet API).
> Logout does not work with Tomcat SingleSignOn
> ---------------------------------------------
>
> Key: JSPWIKI-643
> URL: https://issues.apache.org/jira/browse/JSPWIKI-643
> Project: JSPWiki
> Issue Type: Bug
> Components: Authentication & Authorization
> Affects Versions: 2.8.3
> Environment: Container managed security
> Tomcat with SingleSignOn Valve
> Reporter: Jürgen Weber
>
> JSPWiki's logout button does not work with container managed security and
> Tomcat's SingleSignOn Valve.
> To reproduce:
> Have common users for JSPWiki and another web application B
> Access B and trigger container managed security, log in.
> B is active, user is logged in.
> Access JSPWiki, JSPWiki shows the User logged into B. OK.
> Click JSPWiki's log out button. Nothing happens, user stays authenticated.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
