[LIKELY_SPAM]Re: CAS Server 3.2.1 - Single Sign Out questions...

Wyles, Eric EWyles at uams.edu
Mon Aug 18 09:46:42 EDT 2008 

Here is what I see in my apache ssl request log where I have the php page
running:

 

 

When I initially hit the page and get redirected to CAS and log in, I see
this:

 

[18/Aug/2008:08:39:43 -0500] <ip address snipped> TLSv1 DHE-RSA-AES256-SHA
"GET /testcas.php HTTP/1.1" 491

[18/Aug/2008:08:39:54 -0500] <ip address snipped>TLSv1 DHE-RSA-AES256-SHA
"GET /testcas.php?ticket=ST-1-axloMMkDVDCKEmcS5pGo-cas HTTP/1.1" 148

[18/Aug/2008:08:39:56 -0500] <ip address snipped>TLSv1 DHE-RSA-AES256-SHA
"GET /favicon.ico HTTP/1.1" 30894

 

 

But then, after I manually type in the url to my CAS /logout page, I don't
get any other messages in the apache request logs for my php page.

 

 

 

________________________________

From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] On
Behalf Of Scott Battaglia
Sent: Monday, August 18, 2008 8:21 AM
To: Yale CAS mailing list
Subject: [LIKELY_SPAM]Re: CAS Server 3.2.1 - Single Sign Out questions...

 

On Mon, Aug 18, 2008 at 8:33 AM, Wyles, Eric <EWyles at uams.edu> wrote:

	Scott,

	 

	Do you know if this is the correct version of phpCAS? Do I have to do
some special configuration to get Single Sign Out to be enabled or should it
"just work" so to speak?

I'm not familiar with phpCAS.  Maybe Pascal can respond. 

	 

	I am not seeing anything in my apache access log to indicate that my
phpCAS page is even receiving a logout request after I visit the /logout page
on the CAS server. 

It would look like a request to the service url with the ticket id attached.
Its not going to be a special url. 

-Scott

	 

	 

	
________________________________


	From: Wyles, Eric 
	Sent: Friday, August 15, 2008 3:11 PM

	
	To: 'Yale CAS mailing list'

	Subject: Re: CAS Server 3.2.1 - Single Sign Out questions...

	 

	I am using the 1.0.0 version from here:
http://www.ja-sig.org/downloads/cas-clients/php/1.0.0/CAS-1.0.0.tgz
<http://www.ja-sig.org/downloads/cas-clients/php/1.0.0/CAS-1.0.0.tgz> 

	 

	I admit, I had a hard time figuring out if it was the version that
supported Single Sign Out or not.

	 

	I'm not sure what to look for in the code,  I can see functions
related to processing logout requests but I'm not sure if that is related to
Single Sign Out or just the local sign out from the php session.

	 

	 

	
________________________________


	From: cas-bounces at tp.its.yale.edu
[mailto:cas-bounces at tp.its.yale.edu] On Behalf Of Scott Battaglia
	Sent: Friday, August 15, 2008 2:49 PM
	To: Yale CAS mailing list
	Subject: [LIKELY_SPAM]Re: CAS Server 3.2.1 - Single Sign Out
questions...

	 

	Are you using the phpCAS version that supports Single Sign Out?
	
	-Scott
	
	-Scott Battaglia
	PGP Public Key Id: 0x383733AA
	LinkedIn: http://www.linkedin.com/in/scottbattaglia

	On Fri, Aug 15, 2008 at 3:37 PM, Wyles, Eric <EWyles at uams.edu> wrote:

	I think it was probably bad timing that I originally posted this just
before the 3.3 version was released. I think everyone has been
(understandably) busy with that.

	 

	If anyone has any ideas about what I'm doing wrong below, I would
appreciate the help.

	 

	Thanks

	 

	
________________________________


	From: cas-bounces at tp.its.yale.edu
[mailto:cas-bounces at tp.its.yale.edu] On Behalf Of Wyles, Eric
	Sent: Wednesday, August 13, 2008 12:13 PM
	To: cas at tp.its.yale.edu
	Subject: CAS Server 3.2.1 - Single Sign Out questions...

	 

	Hello,

	 

	I have installed cas server 3.2.1. I am running the cas-server-webapp
application on Tomcat 5.5. The only change I have made is to enable a
FastBindLdapAuthenticator, otherwise, the cas-server-webapp is just how it
came out of the box.

	 

	I'm trying to test Single Sign Out. Here is what I'm doing:

	 

	I have a simple PHP page running under apache using phpCAS. That is
on https://mymachine/testcas.php. It works great for signing in. I can hit
https://mymachine/testcas.php and then I'm redirected to my CAS login page at
https://mymachine:8443/cas/login. After I enter my credentials, I'm sent back
to my PHP page and it now knows who I am. 

	 

	My next step was to test single sign out functionality. I don't know
if I need to configure something to support this or if I have a poor test
case or what the deal is exactly. Here are my steps:

	 

	1 - Go to https://mymachine/testcas.php

	2 - I am redirected to https://mymachine:8443/cas/login where I enter
my credentials

	3 - I am then redirected back to https://mymachine/testcas.php (with
ticket information) and my testcas.php uses the ticket to figure out who I
am.

	4 - I then manually go to https://mymachine:8443/cas/logout and I see
the CAS "logout successful" message

	5 - Then, I manually go back to https://mymachine/testcas.php and it
still considers me to be logged in.

	 

	Also, I don't see anything in my apache access logs to indicate that
the CAS server posted a sign out request to my testcas.php page.

	 

	Is this a good test? 

	 

	Is there something I need to configure to enable single sign out?

	 

	I am pasting my testcas.php code below. Any advise would be
appreciated.

	 

	Thanks,

	Eric

	 

	 

	<?php

	 

	include_once('CAS.php');

	 

	phpCAS::setDebug();

	phpCAS::client(CAS_VERSION_2_0,'mymachine',8443,'cas');

	phpCAS::setNoCasServerValidation();

	phpCAS::forceAuthentication();

	if (isset($_REQUEST['logout'])) {

	            phpCAS::logout();

	}

	?>

	 

	<html>

	<head>

	</head>

	<body>

	<div id="page">

	                        <?php echo phpCAS::getUser(); ?> logged in.

	</div>

	</body>

	</html>

	Confidentiality Notice: This e-mail message, including any
attachments, is for the sole use of the intended recipient(s) and may contain
confidential and privileged information.  Any unauthorized review, use,
disclosure or distribution is prohibited.  If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all copies
of the original message.
	Confidentiality Notice: This e-mail message, including any
attachments, is for the sole use of the intended recipient(s) and may contain
confidential and privileged information.  Any unauthorized review, use,
disclosure or distribution is prohibited.  If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all copies
of the original message.

	
	_______________________________________________
	Yale CAS mailing list
	cas at tp.its.yale.edu
	http://tp.its.yale.edu/mailman/listinfo/cas

	 

	Confidentiality Notice: This e-mail message, including any
attachments, is for the sole use of the intended recipient(s) and may contain
confidential and privileged information.  Any unauthorized review, use,
disclosure or distribution is prohibited.  If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all copies
of the original message.

	
	_______________________________________________
	Yale CAS mailing list
	cas at tp.its.yale.edu
	http://tp.its.yale.edu/mailman/listinfo/cas

 


Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20080818/fa513034/attachment.html

More information about the cas mailing list