Logout problem

Scott Battaglia scott.battaglia at gmail.com
Tue Jul 15 10:56:44 EDT 2008 

If you need the single sign out you HAVE to use the JASIG CAS Client for
Java.  If you don't need it you can use either client, but not both.

You should also ensure that the certificates for your client applications
match the hostname of the machine they reside on.  If your client is named
"clienta" it can't be telling people its certificate is for "clientb"

-Scott

-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia

On Tue, Jul 15, 2008 at 10:54 AM, Scott Battaglia <scott.battaglia at gmail.com>
wrote:

> Why are you trying to use two completely incompatible CAS clients?  Please
> choose one or the other.
>
>
>
> On Tue, Jul 15, 2008 at 10:45 AM, SMallik <kmr_shailendra at yahoo.com>
> wrote:
>
>>
>> Hi Scott,
>> Can you please look into the config files for any possible
>> mis-configuration
>> ? I could not locate any and still facing the same issues.
>> One more thing to add , may or may not be related to the SSOut problem .
>> In
>> my CAS client I have to use both the jars casclient-2.1.1 and
>> cas-client-core-3.1.3 . If I use cas-client-core-3.1.3 only I am getting
>>
>> java.lang.NoClassDefFoundError:
>> edu/yale/its/tp/cas/client/ProxyTickeValidator error
>>
>> and if I use casclient-2.1.1.jar only , I am getting
>>
>> java.lang.ClassNotFoundException:
>> org.jasig.cas.client.session.SingleSignOutHttpSessionListener.
>>
>> I am using CAS 3.2.1 , how to avoid this 2 jars problem ?
>>
>>
>>
>>
>>
>> scott_battaglia wrote:
>> >
>> > I don't know how you have anything set up.  All I can tell you is that
>> the
>> > hostname that your application is accessed under MUST match the CN of
>> the
>> > certificate that is being returned when that application is requested.
>> >
>> > -SCott
>> >
>> > -Scott Battaglia
>> > PGP Public Key Id: 0x383733AA
>> > LinkedIn: http://www.linkedin.com/in/scottbattaglia
>> >
>> > On Mon, Jul 14, 2008 at 1:24 PM, SMallik <kmr_shailendra at yahoo.com>
>> wrote:
>> >
>> >>
>> >> Hi,
>> >> When I generate certificate in the name of "testcasa" ( machine where
>> 2nd
>> >> application is running ) and use it on testcasa, I get the following
>> >> error
>> >> :
>> >>
>> >> Your CAS credentials were rejected.
>> >> Reason: sun.security.validator.ValidatorException: PKIX path building
>> >> failed: sun.security.provider.certpath.SunCertPathBuilderException:
>> >> unable
>> >> to find valid certification path to requested target
>> >>
>> >> and then I cant access secured pages.
>> >>
>> >> But if I use testcas ( machine where 1st application and CAS are
>> running
>> >> )
>> >> generated certificate on testcasa though I can access secured pages but
>> >> on
>> >> click of logout I get the following error :
>> >>
>> >> 2008-07-14 11:31:14,189 ERROR [org.jasig.cas.util.HttpClient] -
>> >> java.io.IOException: HTTPS hostname wrong:  should be <testcasa>
>> >> java.io.IOException: HTTPS hostname wrong:  should be <testcasa> .
>> >>
>> >> Is it mandatory that all CASified applications running on different
>> >> machines
>> >> use the same certificate as the the machine on which CAS server is
>> >> running
>> >> ?
>> >> If I do the same , I get the error and If I use machine specific
>> >> certificate
>> >> then also I am getting error.
>> >>
>> >> Can you please suggest me, where I am going wrong ? I need to implement
>> >> SSOut anyhow.
>> >>
>> >> Thanks
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> --
>> >> View this message in context:
>> >> http://www.nabble.com/Logout-problem-tp18407195p18448728.html
>> >> Sent from the CAS Users mailing list archive at Nabble.com.
>> >>
>> >> _______________________________________________
>> >> Yale CAS mailing list
>> >> cas at tp.its.yale.edu
>> >> http://tp.its.yale.edu/mailman/listinfo/cas
>> >>
>> >
>> > _______________________________________________
>> > Yale CAS mailing list
>> > cas at tp.its.yale.edu
>> > http://tp.its.yale.edu/mailman/listinfo/cas
>> >
>> >
>>
>> --
>> View this message in context:
>> http://www.nabble.com/Logout-problem-tp18407195p18467036.html
>> Sent from the CAS Users mailing list archive at Nabble.com.
>>
>> _______________________________________________
>> Yale CAS mailing list
>> cas at tp.its.yale.edu
>> http://tp.its.yale.edu/mailman/listinfo/cas
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20080715/12901b56/attachment.html

More information about the cas mailing list