CAS SingleSignOutFilter problems
Steve Podell
spodell at iii.com
Thu Apr 3 17:40:41 EDT 2008
CAS is working great for our webapps. I need to add single signout to
our setup to do some cleanup in the soon to be invalidated sessions on
logout. So I added the Single Sign out filter and listener as described
here...
http://www.ja-sig.org/wiki/display/CASC/Configuring+Single+Sign+Out
I am using cas-server-core-3.1.jar
When I set a debugger breakpoint in
org.jasig.cas.client.session.SingleSignOutFilter, I can see requests
coming through, but I never see a POST, so the request parameter
"logoutRequest" is not acted on. I also don't see the
artifactParameterName/"ticket" parameter coming through either, so the
session references are not being cached.
The wiki page
http://www.ja-sig.org/wiki/display/CASUM/Single+Sign+Out
mentions an ArgumentExtractor property called disableSingleSignOut, but
I don't see where you would set it (and have not set it).
When I watch the requests on an HTTP analyzer on my PC, there is an early
POST on the login to cas that does contain the ticket on the response.
But a client side filter would not see the response...?
- Process : firefox.exe[2748]
(COUNT=25)
8 13:03:14:453 0.264 s POST 302 0 text/plain
https:///iii/cas/login;jsessionid=3C16428223AD4231E9079B8B50804C19?service=https%3A%2F%2Fmtdemo.iii.com%3A443%2Fiii%2Fmfrpro%2Fj_acegi_cas_security_check
https://mtdemo.iii.com:443/iii/mfrpro/j_acegi_cas_security_check?ticket=ST-5-SfMWDEiDcVLVoLxsaEbYfcT3ZXTupEvGHHB-20
So some basic questions:
1) This filter is client side cache of tickets and sessions?
2) I should be seeing logoutRequest POSTs to the webapp so that the CAS
client code can cache the tickets?
3) I should be seeing POSTs with "ticket" as a request parameter?
4) This feature is in cas-server-core-3.1?
5) The feature defaults to "on"? The ArgumentExtractor properties are
already set up?
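
The two request paths the message asks about, modeled as an added example; this is not code from the CAS client or from the original post. It records the "ticket" parameter against the local session, then handles a POST carrying "logoutRequest". Assumptions: the class and method names are hypothetical, the logout body is a SAML LogoutRequest whose SessionIndex holds the service ticket, the server sends that POST directly to the service URL rather than through the browser, and all sample values are constructed.

```java
import java.io.StringReader;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
// Hypothetical model of a client-side single sign-out filter; not the CAS client's code.
class SignOutModel {
    static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";
    private final Map<String, String> ticketToSession = new ConcurrentHashMap<>(); // ticket -> session id
    // Returns a short description of what the filter did with the request.
    String handle(String method, Map<String, String> params, String sessionId) {
        String logout = params.get("logoutRequest");
        if ("POST".equals(method) && logout != null) {
            String ticket = sessionIndex(logout);
            String sid = ticket == null ? null : ticketToSession.remove(ticket);
            return sid == null ? "logout ignored: unknown ticket" : "invalidated " + sid;
        }
        String ticket = params.get("ticket");
        if (ticket == null) return "passed through";
        ticketToSession.put(ticket, sessionId); // remember which session this ticket opened
        return "recorded " + ticket;
    }

    // The logout body is untrusted input, so DOCTYPE declarations (XXE) are refused.
    static String sessionIndex(String xml) {
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            f.setNamespaceAware(true);
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            NodeList n = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)))
                    .getElementsByTagNameNS(SAMLP, "SessionIndex");
            return n.getLength() == 0 ? null : n.item(0).getTextContent().trim();
        } catch (Exception e) {
            return null; // malformed or rejected XML is treated as "no ticket"
        }
    }

    public static void main(String[] args) {
        SignOutModel m = new SignOutModel();
        // Constructed sample values, not taken from the post.
        System.out.println(m.handle("GET", Map.of("ticket", "ST-1-example"), "sessA"));
        String body = "<samlp:LogoutRequest xmlns:samlp=\"" + SAMLP + "\" ID=\"LR-1\" Version=\"2.0\">"
                + "<samlp:SessionIndex>ST-1-example</samlp:SessionIndex></samlp:LogoutRequest>";
        System.out.println(m.handle("POST", Map.of("logoutRequest", body), "sessB"));
        System.out.println(m.handle("POST", Map.of("logoutRequest", body), "sessB")); // replay is ignored
    }
}
```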