CAS SingleSignOutFilter problems
Scott Battaglia
scott.battaglia at gmail.com
Sat Apr 12 18:30:58 EDT 2008
You won't see the requests in your browser. They happen "behind the
scenes". Not sure how you are looking for them.
-Scott
On Fri, Apr 11, 2008 at 2:53 PM, Steve Podell <spodell at iii.com> wrote:
> Hi Scott,
> Yes Single Sign Out events are in the log, but the requests don't get
> made. I use an "HTTP Analyzer" (http://www.ieinspector.com) to debug
> these things, and I see all the other requests, but not these logout
> requests.
>
> From the log (the URLs look right):
> DEBUG 110408.123441 - Sending logout request for:
> https://mtdemo.iii.com:443/iii/mfrpro/j_acegi_cas_security_check
> DEBUG 110408.123441 - Sending logout request for:
> https://mtdemo.iii.com:443/iii/encore/j_acegi_cas_security_check
>
>
> Thanks,
> Steve
>
>
> Scott Battaglia wrote:
>
> If you turn on DEBUG logging for the CAS server, you should be able to see
> messages that say "Sending logout request for: {serviceId}". Can you
> confirm that?
>
> Thanks
> -Scott
>
> On Thu, Apr 10, 2008 at 6:59 PM, Steve Podell <spodell at iii.com> wrote:
>
> > I upgraded to CAS Server 3.2.1 RC2 and after some changes in our code we
> > are back up and running. The problem is that I still don't see any posts
> > to the other registered services. I don't see any posts at all after
> > logging out (going to /cas/logout). Just a series of GETs.
> >
> > Is there some other configuration that is necessary to turn on the POSTs
> > for Single Sign Out?
> >
> > Thanks,
> > Steve
> >
> > Scott Battaglia wrote:
> >
> >
> >
> > On Thu, Apr 3, 2008 at 5:40 PM, Steve Podell <spodell at iii.com> wrote:
> >
> > > CAS is working great for our webapps. I need to add single signout to
> > > our setup to do some cleanup in the soon to be invalidated sessions on
> > > > logout. So I added the Single Sign out filter and listener as described
> > > > here...
> > > http://www.ja-sig.org/wiki/display/CASC/Configuring+Single+Sign+Out
> > >
> > > I am using cas-server-core-3.1.jar
> > >
> > > When I set a debugger breakpoint in
> > > org.jasig.cas.client.session.SingleSignOutFilter, I can see requests
> > > coming through, but I never see a POST, so the request parameter
> > > "logoutRequest" is not acted on. I also don't see the
> > > > artifactParameterName/"ticket" parameter coming through either, so the
> > > > session references are not being cached.
> > >
> > > The wiki page
> > > http://www.ja-sig.org/wiki/display/CASUM/Single+Sign+Out
> > > > mentions an ArgumentExtractor property called disableSingleSignOut, but
> > > > I don't see where you would set it (and have not set it).
> > >
> > > > When I watch the requests on an HTTP analyzer on my PC, there is an early
> > > > POST on the login to cas that does contain the ticket on the response.
> > > But a client side filter would not see the response...?
> > >
> > > - Process : firefox.exe[2748]
> > > (COUNT=25)
> > >
> > > 8 13:03:14:453 0.264 s POST 302 0 text/plain
> > >
> > > https:///iii/cas/login;jsessionid=3C16428223AD4231E9079B8B50804C19?service=https%3A%2F%2Fmtdemo.iii.com%3A443%2Fiii%2Fmfrpro%2Fj_acegi_cas_security_check
> > >
> > >
> > > https://mtdemo.iii.com:443/iii/mfrpro/j_acegi_cas_security_check?ticket=ST-5-SfMWDEiDcVLVoLxsaEbYfcT3ZXTupEvGHHB-20
> > >
> > > So some basic questions:
> > > > 1) This filter is a client side cache of tickets and sessions?
> >
> > The filter is a client side filter so it should be set on the
> > applications.
> >
> > >
> > > > 2) I should be seeing logoutRequest POSTs to the webapp so that the CAS
> > > > client code can cache the tickets?
> >
> > You'll only see the POST when you actually log out of CAS.
> >
> > >
> > > 3) I should be seeing POSTs with "ticket" as a request parameter?
> >
> > No you should only be seeing GETs with tickets.
> >
> > >
> > > 4) This feature is in cas-server-core-3.1?
> >
> > Your best bet is to use CAS Server 3.2.1 for Single Sign Out.
> >
> > >
> > > 5) The feature defaults to "on"? The ArgumentExtractor properties are
> > > already set up?
> >
> > In CAS 3.2.1 it defaults to on. 3.2 had an accidental bug flipping a !
> > so it was defaulted to off, but appeared to be on.
> >
> > -Scott
> >
> > >
> > > _______________________________________________
> > > Yale CAS mailing list
> > > cas at tp.its.yale.edu
> > > http://tp.its.yale.edu/mailman/listinfo/cas
> > >
> >
> >
> >
> > --
> > -Scott Battaglia
> > PGP Public Key Id: 0x383733AA
> > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> >
> >
>
>
> --
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
>
--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
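
A minimal model of the two request types discussed in this thread, added here as an illustration and not taken from the CAS client or from either poster: the browser's GET carrying `ticket` is recorded against the session, and the server-to-server POST carrying `logoutRequest` (which a browser-side analyzer never sees) invalidates it. `SignOutFilterModel` and `ticket_from_logout_request` are hypothetical names, the sample values are constructed, and the message is assumed to be the SAML-style LogoutRequest with the service ticket in `SessionIndex`.

```python
import xml.etree.ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

def ticket_from_logout_request(xml_text):
    """Return the service ticket in <samlp:SessionIndex>, or None if unusable."""
    # The POST body is untrusted input: refuse DTDs and anything unparseable.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return None
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    if root.tag != "{%s}LogoutRequest" % SAMLP_NS:
        return None
    node = root.find("{%s}SessionIndex" % SAMLP_NS)
    return node.text.strip() if node is not None and node.text else None

class SignOutFilterModel:
    """Hypothetical stand-in for the client filter's ticket-to-session cache."""
    def __init__(self):
        self.sessions = {}   # session id -> session attributes
        self.by_ticket = {}  # service ticket -> session id

    def handle(self, method, params, session_id=None):
        if method == "GET" and "ticket" in params and session_id in self.sessions:
            # Browser returns from CAS login: remember which session the ticket opened.
            self.by_ticket[params["ticket"]] = session_id
            return "recorded"
        if method == "POST" and "logoutRequest" in params:
            # Back-channel call from the CAS server: no cookie, only the ticket.
            ticket = ticket_from_logout_request(params["logoutRequest"])
            sid = self.by_ticket.pop(ticket, None)
            if sid is None:
                return "ignored"  # unknown ticket or malformed message
            self.sessions.pop(sid, None)
            return "invalidated"
        return "passed"

# Constructed sample values, not taken from the thread.
SAMPLE_TICKET = "ST-1-constructed-example"
SAMPLE_LOGOUT = (
    '<samlp:LogoutRequest xmlns:samlp="%s" ID="LR-1" Version="2.0" '
    'IssueInstant="2008-04-12T18:30:58Z">'
    '<samlp:SessionIndex>%s</samlp:SessionIndex>'
    '</samlp:LogoutRequest>' % (SAMLP_NS, SAMPLE_TICKET)
)
```

Because the POST originates from the CAS server, the place to confirm it is the application server's access log or a breakpoint in the filter, not a proxy on the user's PC.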