We are authenticating against LDAP. When we login via our product (which is run on weblogic) and then go to xwiki we are logged in and everything looks good, we can log out from our application and the xwiki again looks good. Except there is a backdoor, where the user can go to xwiki and login directly w/o going through our product first. At that point, if the user then tries to logout via the xwiki button, nothing really happens besides the logs filling up with errors.
Does this help? -----Original Message----- From: users [mailto:[email protected]] On Behalf Of Guillaume Fenollar Sent: Tuesday, July 01, 2014 1:59 PM To: XWiki Users Subject: EXTERNAL: Re: [xwiki-users] Xwiki Logout Hello, This is the role of any SSO to make you authenticate everytime you access a ressource. So when you click on Logout, it sends your credentials again and keep you loggued in. So it depends greatly on the type of your SSO, but for example for CAS, the only way would be to experiment Single Sign Out (which was experimental last time I looked to it). The main problem is that the mod_cas for Apache doesn't have the ability to destroy the SSO cookie, which would be a 100% sure way to log you out. What SSO have you implemented? Guillaume 2014-07-01 20:13 GMT+02:00 Brockmeier, Chris S <[email protected]> : > Actually, please cancel that request. I need the logout button to > actually logout the user. When I view the log I get a whole bunch of > Oracle10gDialect errors followed by a StackOverflowError > SEVERE: Cannot send action notifications for document > [XWiki.XWikiLougout using action [logout] > > Any Ideas? > > Thanks, > Chris. > > > > -----Original Message----- > From: users [mailto:[email protected]] On Behalf Of Brockmeier, > Chris S > Sent: Tuesday, July 01, 2014 11:44 AM > To: [email protected] > Subject: EXTERNAL: [xwiki-users] Xwiki Logout > > Hey all, > > I'm using an SSO authenticator to login to Xwiki. The Xwiki has a logout > button that doesn't appear to do anything (for SSO) once pressed . Is > there a way to disable this button? > > Thanks, > Chris. > _______________________________________________ > users mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/users > _______________________________________________ > users mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/users > _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
