Hi Scott,

I have removed the redirect to the specified in the constructor-arg of LogoutFilter. I accessed the appln again and watched for the cookie transmission. PFA the Http Fox Observation:

Login

00:09:59.108 0.129 883 206 POST 302 Redirect to: https://appURL/j_spring_cas_security_check?ticket=ST-24-2mO5yodZkuZQ2MH0c6PA-cas01.example.org
URL: https://CASserver/cas-server-webapp-3.5.1/login;jsessionid=FA6B5B747837F7387A0501C8246FF7BF.node1?service=https://appURL/j_spring_cas_security_check
CASTGC TGT-22-vfqFQYn67nLrgPMfjdxnmnCgVbV3IhZ9QbRoQT5rivlpJddZgK-cas01.example.org /cas-server-webapp-3.5.1/ CASserver End Of Session

Logout

00:00:01.077 0.268 656 219 GET 302 Redirect to: https://appURL/j_spring_cas_security_logout
URL: https://appURL/caslogout.jspa - This calls an action class which will log me out of the underlying application and redirect URL to /j_spring_cas_security_logout

00:00:01.351 0.088 670 167 GET 302 Redirect to: https://CASserver/cas-server-webapp-3.5.1/logout
URL: https://appURL/j_spring_cas_security_logout - This invokes the Logout Filter (as per the spring config shared in the start of the thread)

Now here is the STRANGE THING PLEASE SEE THIS - I HAVE NO CLUE WHY THE LOGIN PAGE IS GETTING LOADED HERE AND THIS HAS THE COOKIE SENT AND RECEIVED.
How is the /logout page making a call or redirect to /login page?

00:00:01.544 0.093 565 169 GET 302 Redirect to: https://CASserver/cas-server-webapp-3.5.1/login
URL: https://CASserver/cas-server-webapp-3.5.1/css/images/header_background.png
Cookie Sent
CASTGC TGT-22-vfqFQYn67nLrgPMfjdxnmnCgVbV3IhZ9QbRoQT5rivlpJddZgK-cas01.example.org End Of Session
Cookie Received
CASTGC TGT-22-vfqFQYn67nLrgPMfjdxnmnCgVbV3IhZ9QbRoQT5rivlpJddZgK-cas01.example.org /cas-server-webapp-3.5.1 CASserver End Of Session

00:00:01.638 0.036 619 2713 GET 200 text/html (NS_IMAGELIB_ERROR_NO_DECODER) https://CASserver/cas-server-webapp-3.5.1/login
Cookie sent
CASTGC TGT-22-vfqFQYn67nLrgPMfjdxnmnCgVbV3IhZ9QbRoQT5rivlpJddZgK-cas01.example.org End Of Session
Cookie received
CASTGC TGT-22-vfqFQYn67nLrgPMfjdxnmnCgVbV3IhZ9QbRoQT5rivlpJddZgK-cas01.example.org /cas-server-webapp-3.5.1 CASserver End Of Session
CASTGC "" /cas-server-webapp-3.5.1/ CASserver Thu, 01-Jan-1970 00:00:10 GMT
CASPRIVACY "" /cas-server-webapp-3.5.1/ CASserver Thu, 01-Jan-1970 00:00:10 GMT

I am sure there is something to do with the /login page as I can see TICKET_GRANTING_TICKET_DESTROYED in CAS logs. Also there is another exception:

2012-12-19 23:17:10,558 DEBUG [org.jasig.cas.util.HttpClient] - <Attempting to access https://appURL/j_spring_cas_security_check>
2012-12-19 23:17:10,562 WARN [org.jasig.cas.util.HttpClient] - <Error Sending message to url endpoint [https://appURL/j_spring_cas_security_check]. Error is [app hostname]>
012-12-19 23:17:10,747 DEBUG [org.jasig.cas.web.flow.TerminateWebSessionListener] - <Error getting service from flow state.>
java.lang.IllegalStateException: No active FlowSession to access; this FlowExecution has ended
    at org.springframework.webflow.engine.impl.FlowExecutionImpl.getActiveSession(FlowExecutionImpl.java:191)

I am having no clue. Being a newbie to spring security and CAS, I am really struggling. Please analyse the spring.xml and help me out.

Thanks,
Mckenzie

On Wed, Dec 19, 2012 at 7:00 PM, Scott Battaglia <scott.battag...@gmail.com> wrote:
> You're actually getting two cookies. The original one created on login, and
> during logout, one is being created with an extra "/", thus you end up with
> two cookies instead of the original one being overwritten with an empty
> value.
>
> Does anything different happen if you don't send the "url" parameter? (it
> shouldn't but it helps to strip it down to the minimum).
>
> On Wed, Dec 19, 2012 at 8:27 AM, Mckenzie J <mck2...@gmail.com> wrote:
>>
>> No the cookie sent does not have a path. I rechecked or domain. There
>> is no typo :(
>>
>> On Wed, Dec 19, 2012 at 6:00 PM, Scott Battaglia
>> <scott.battag...@gmail.com> wrote:
>> > According to this your cookies have two different paths:
>> >
>> > CASTGC TGT-8-nnnUWE4IytFrwJX6LZfmSHu3RF7CmBewwEJPOohCtexzRnTLAQ-cas01.example.org /cas-server-webapp-3.5.1 End Of Session
>> >
>> > CASTGC "" /cas-server-webapp-3.5.1/ Thu, 01-Jan-1970 00:00:10 GMT
>> >
>> > Their paths should have been constructed the same way. Is that a typo on
>> > your end?
>> >
>> > On Wed, Dec 19, 2012 at 1:12 AM, Mckenzie J <mck2...@gmail.com> wrote:
>> >>
>> >> Hi,
>> >>
>> >> We are successfully able to logout of CAS. But we are in the process of a
>> >> seamless redirection of the CAS logout to the application again. We are
>> >> also able to achieve this as configuring the url parameter of the
>> >> /cas/logout pointing to the application URL.
>> >>
>> >> Our spring has been configured with the service URL as
>> >> https://APPURL/j_spring_cas_security_check for ServiceProperties and
>> >> referred by the casProcessingFilterEntryPoint. So the request is further
>> >> redirected to the CAS Login page configured as the loginurl in the
>> >> spring.xml.
>> >>
>> >> A strange thing I notice is with the cookies in the Http Fox that shows
>> >> calling of the /cas/logout as below
>> >>
>> >> Cookie sent:
>> >>
>> >> CASTGC TGT-8-nnnUWE4IytFrwJX6LZfmSHu3RF7CmBewwEJPOohCtexzRnTLAQ-cas01.example.org End Of Session
>> >>
>> >> Cookie Received:
>> >>
>> >> CASTGC TGT-8-nnnUWE4IytFrwJX6LZfmSHu3RF7CmBewwEJPOohCtexzRnTLAQ-cas01.example.org /cas-server-webapp-3.5.1 End Of Session
>> >>
>> >> CASTGC "" /cas-server-webapp-3.5.1/ Thu, 01-Jan-1970 00:00:10 GMT
>> >>
>> >> CASPRIVACY "" /cas-server-webapp-3.5.1/ Thu, 01-Jan-1970 00:00:10 GMT
>> >>
>> >> There is a redirect to /login Page of CAS after this, which shows
>> >> existence of the CASTGC cookie still in the browser, which ideally should
>> >> not be. I am not sure why this redirection to /login page happens and
>> >> also I suppose this might be a cause of issue. To trace the flow, I
>> >> debugged CAS and I could see the following exception
>> >> java.lang.IllegalStateException: No active FlowSession to access; this
>> >> FlowExecution has ended
>> >>
>> >> It looks like the InitialFlowSetupAction is either not setting the
>> >> configured service in Flowscope or there is some problem due to the call
>> >> of /login page which interrupts the flow.
>> >>
>> >> I am looking for the solution for the following:
>> >>
>> >> 1. Is there any workaround so that I need not close my browser after
>> >> logging out, which will give me a seamless experience.
>> >>
>> >> 2. Does the LogoutController invoked at call of /logout clear the cookies
>> >> even in the browser side as well. If so what is that I am missing which
>> >> makes me see the cookie still there.
>> >>
>> >> Please provide guidance. I have attached the spring config we are using.
>> >> If there needs any change please suggest.
>> >>
>> >> Thanks,
>> >> Mckenzie
>> >>
>> >> Regards,
>> >> Mckenzie
>> >> --
>> >> You are currently subscribed to cas-dev@lists.jasig.org as:
>> >> scott.battag...@gmail.com
>> >>
>> >> To unsubscribe, change settings or access archives, see
>> >> http://www.ja-sig.org/wiki/display/JSG/cas-dev
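
Added example, not part of the thread or of CAS: a minimal model of a browser cookie store, showing the behaviour Scott describes, where the expiring Set-Cookie for path /cas-server-webapp-3.5.1/ does not remove the CASTGC stored under /cas-server-webapp-3.5.1. The CookieJar class, the replayLogout helper, exact-host domain matching and the placeholder ticket value are assumptions made for the illustration.

```javascript
// Minimal model of a browser cookie store (RFC 6265 semantics), for illustration.
// A cookie is identified by (name, domain, path); a Set-Cookie replaces or
// expires only the entry whose three fields are identical.
function cookieKey(c) {
  return [c.name, c.domain.toLowerCase(), c.path].join("|");
}

// RFC 6265 section 5.1.4 path-match.
function pathMatches(cookiePath, requestPath) {
  if (cookiePath === requestPath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

class CookieJar {
  constructor() { this.store = new Map(); }

  // expires: Date, or null for a session cookie. An expiry in the past deletes
  // only the cookie stored under the same (name, domain, path) key.
  setCookie(cookie, now = new Date()) {
    const key = cookieKey(cookie);
    if (cookie.expires && cookie.expires <= now) {
      this.store.delete(key);
    } else {
      this.store.set(key, { ...cookie });
    }
  }

  // Cookies the browser would attach to a request for this host and path.
  // Assumption: exact host match stands in for full domain matching.
  cookiesFor(domain, requestPath) {
    return [...this.store.values()].filter(
      (c) => c.domain.toLowerCase() === domain.toLowerCase() &&
             pathMatches(c.path, requestPath));
  }
}

// Constructed replay: login sets CASTGC, logout sends an expired, empty CASTGC.
function replayLogout(loginPath, logoutPath) {
  const jar = new CookieJar();
  const expired = new Date(10 * 1000); // Thu, 01-Jan-1970 00:00:10 GMT
  jar.setCookie({ name: "CASTGC", value: "TGT-placeholder", domain: "CASserver",
                  path: loginPath, expires: null });
  jar.setCookie({ name: "CASTGC", value: "", domain: "CASserver",
                  path: logoutPath, expires: expired });
  return jar.cookiesFor("CASserver", "/cas-server-webapp-3.5.1/login")
            .map((c) => `${c.name}=${c.value}`);
}

// Mismatched paths leave the ticket-granting cookie behind; identical paths clear it.
console.log(replayLogout("/cas-server-webapp-3.5.1", "/cas-server-webapp-3.5.1/"));
console.log(replayLogout("/cas-server-webapp-3.5.1/", "/cas-server-webapp-3.5.1/"));
```

When checking a real logout, compare the Path and Domain attributes of the login and logout Set-Cookie headers character for character; any difference means the second header addresses a different cookie.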