Any solution or workaround for the issue?

On Thu, Dec 20, 2012 at 9:34 AM, Mckenzie J <mck2...@gmail.com> wrote:
> Here is the explanation of the links and flow. Maybe this can help us
> find the cause:
>
> 1) I click logout in my application which calls /casLogout.jspa which
> invokes an action class to logout from application. It appends
> /j_spring_cas_security_logout to the redirected url on successful
> session invalidation of application.
>
> 2) Now this url pattern is what you see
> here (https://appURL/j_spring_cas_security_logout). Now we use this
> pattern to invoke the LogoutFilter (please see the spring.xml) which
> has the SecurityContextLogoutHandler as the argument bean and also the
> logoutsuccessful redirection configured to call the
> https://CASserver/cas-server-webapp-3.5.1/logout url. This invokes the
> logout controller and my debug shows me the execution of the
> handleRequestInternal method successfully and removing the cookies
> part getting executed and I get the logout view but with the cookie.
>
> Do you see any missing part here? Any idea of why we are again getting
> a login page? And also is there anything wrong with the spring
> configs?
>
> One more important thing I need to add is that we have a plugin in our
> application which will redirect any incoming request to CAS always,
> when once session is invalid or it is an anonymous user trying to gain
> access (with Anonymous authentication). You can help me in probing at
> this angle as well.
>
> Thanks,
> Mckenzie
>
> On Thu, Dec 20, 2012 at 7:27 AM, Scott Battaglia
> <scott.battag...@gmail.com> wrote:
>> I don't understand this:
>> 00:00:01.351 0.088 670 167 GET 302 Redirect to:
>> https://CASserver/cas-server-webapp-3.5.1/logout
>> URL:https://appURL/j_spring_cas_security_logout
>> - This invokes the Logout FIlter (as per the spring config shared in
>> the start of the thread) Now here is the STRANGE THING
>>
>> Calling /cas/logout doesn't go through a filter. It's a Controller. Can you
>> elaborate?
>>
>>
>> On Wed, Dec 19, 2012 at 9:32 AM, Mckenzie J <mck2...@gmail.com> wrote:
>>>
>>> Hi Scott, I have removed the redirect to the specified in the
>>> constructor-arg of LogoutFilter. I accessed the appln again and watched
>>> for the cookie transmission. PFA the Http Fox Observation:
>>>
>>>
>>> Login
>>> 00:09:59.108 0.129 883 206 POST 302 Redirect to:
>>> https://appURL/j_spring_cas_security_check?ticket=ST-24-2mO5yodZkuZQ2MH0c6PA-cas01.example.org
>>> URL:
>>> https://CASserver/cas-server-webapp-3.5.1/login;jsessionid=FA6B5B747837F7387A0501C8246FF7BF.node1?service=https://appURL/j_spring_cas_security_check
>>>
>>> CASTGC
>>> TGT-22-vfqFQYn67nLrgPMfjdxnmnCgVbV3IhZ9QbRoQT5rivlpJddZgK-cas01.example.org
>>> /cas-server-webapp-3.5.1/ CASserver End Of Session
>>>
>>> Logout
>>>
>>> 00:00:01.077 0.268 656 219 GET 302 Redirect to:
>>> https://appURL/j_spring_cas_security_logout
>>> URL:https://appURL/caslogout.jspa
>>> - This calls an action class which will log me out of the underlying
>>> application and redirect URL to /j_spring_cas_security_logout
>>>
>>>
>>> 00:00:01.351 0.088 670 167 GET 302 Redirect to:
>>> https://CASserver/cas-server-webapp-3.5.1/logout
>>> URL:https://appURL/j_spring_cas_security_logout
>>> - This invokes the Logout Filter (as per the spring config shared in
>>> the start of the thread) Now here is the STRANGE THING
>>>
>>> PLEASE SEE THIS - I HAVE NO CLUE WHY THE LOGIN PAGE IS GETTING LOADED
>>> HERE AND THIS HAS THE COOKIE SENT AND RECEIVED. How is the /logout
>>> page making a call or redirect to /login page?
>>>
>>> 00:00:01.544 0.093 565 169 GET 302 Redirect to:
>>> https://CASserver/cas-server-webapp-3.5.1/login
>>> URL:
>>> https://CASserver/cas-server-webapp-3.5.1/css/images/header_background.png
>>> Cookie Sent
>>> CASTGC
>>> TGT-22-vfqFQYn67nLrgPMfjdxnmnCgVbV3IhZ9QbRoQT5rivlpJddZgK-cas01.example.org
>>> End Of Session
>>>
>>> Cookie Received
>>> CASTGC
>>> TGT-22-vfqFQYn67nLrgPMfjdxnmnCgVbV3IhZ9QbRoQT5rivlpJddZgK-cas01.example.org
>>> /cas-server-webapp-3.5.1 CASserver End Of Session
>>>
>>>
>>> 00:00:01.638 0.036 619 2713 GET 200 text/html
>>> (NS_IMAGELIB_ERROR_NO_DECODER)
>>> https://CASserver/cas-server-webapp-3.5.1/login
>>> Cookie sent
>>> CASTGC
>>> TGT-22-vfqFQYn67nLrgPMfjdxnmnCgVbV3IhZ9QbRoQT5rivlpJddZgK-cas01.example.org
>>> End Of Session
>>>
>>> Cookie received
>>>
>>> CASTGC
>>> TGT-22-vfqFQYn67nLrgPMfjdxnmnCgVbV3IhZ9QbRoQT5rivlpJddZgK-cas01.example.org
>>> /cas-server-webapp-3.5.1 CASserver End Of Session
>>> CASTGC "" /cas-server-webapp-3.5.1/ CASserver Thu, 01-Jan-1970 00:00:10 GMT
>>> CASPRIVACY "" /cas-server-webapp-3.5.1/ CASserver Thu, 01-Jan-1970 00:00:10 GMT
>>>
>>> I am sure there is something to do with the /login page as I can see
>>> TICKET_GRANTING_TICKET_DESTROYED in CAS logs. Also there is another
>>> exception:
>>> 2012-12-19 23:17:10,558 DEBUG [org.jasig.cas.util.HttpClient] -
>>> <Attempting to access https://appURL/j_spring_cas_security_check>
>>> 2012-12-19 23:17:10,562 WARN [org.jasig.cas.util.HttpClient] - <Error
>>> Sending message to url endpoint
>>> [https://appURL/j_spring_cas_security_check]. Error is [app
>>> hostname]>
>>>
>>> 012-12-19 23:17:10,747 DEBUG
>>> [org.jasig.cas.web.flow.TerminateWebSessionListener] - <Error getting
>>> service from flow state.>
>>> java.lang.IllegalStateException: No active FlowSession to access; this
>>> FlowExecution has ended
>>> at
>>> org.springframework.webflow.engine.impl.FlowExecutionImpl.getActiveSession(FlowExecutionImpl.java:191)
>>>
>>> I have no clue. Being a newbie to spring security and CAS, I'm
>>> really struggling. Please analyse the spring.xml and help me out.
>>> Thanks,
>>> Mckenzie
>>> On Wed, Dec 19, 2012 at 7:00 PM, Scott Battaglia
>>> <scott.battag...@gmail.com> wrote:
>>> > You're actually getting two cookies. The original one created on login, and
>>> > during logout, one is being created with an extra "/", thus you end up with
>>> > two cookies instead of the original one being overwritten with an empty
>>> > value.
>>> >
>>> > Does anything different happen if you don't send the "url" parameter? (it
>>> > shouldn't but it helps to strip it down to the minimum).
>>> >
>>> >
>>> > On Wed, Dec 19, 2012 at 8:27 AM, Mckenzie J <mck2...@gmail.com> wrote:
>>> >>
>>> >> No, the cookie sent does not have a path or domain. I rechecked. There
>>> >> is no typo :(
>>> >>
>>> >> On Wed, Dec 19, 2012 at 6:00 PM, Scott Battaglia
>>> >> <scott.battag...@gmail.com> wrote:
>>> >> > According to this your cookies have two different paths:
>>> >> >
>>> >> > CASTGC
>>> >> > TGT-8-nnnUWE4IytFrwJX6LZfmSHu3RF7CmBewwEJPOohCtexzRnTLAQ-cas01.example.org
>>> >> > /cas-server-webapp-3.5.1 End Of Session
>>> >> >
>>> >> > CASTGC "" /cas-server-webapp-3.5.1/ Thu, 01-Jan-1970 00:00:10 GMT
>>> >> >
>>> >> > Their paths should have been constructed the same way. Is that a typo on
>>> >> > your end?
>>> >> >
>>> >> >
>>> >> > On Wed, Dec 19, 2012 at 1:12 AM, Mckenzie J <mck2...@gmail.com>
>>> >> > wrote:
>>> >> >>
>>> >> >> Hi,
>>> >> >>
>>> >> >> We are successfully able to logout of CAS. But we are in the process of a
>>> >> >> seamless redirection of the CAS logout to the application again. We are also
>>> >> >> able to achieve this as configuring the url parameter of the /cas/logout
>>> >> >> pointing to the application URL.
>>> >> >>
>>> >> >> Our spring has been configured with the service URL as
>>> >> >> https://APPURL/j_spring_cas_security_check for ServiceProperties and referred
>>> >> >> by the casProcessingFilterEntryPoint. So the request is further redirected to
>>> >> >> the CAS Loginpage configured as the loginurl in the spring.xml.
>>> >> >>
>>> >> >> A strange thing I notice is with the cookies in the Http Fox that shows
>>> >> >> calling of the /cas/logout as below
>>> >> >> Cookie sent:
>>> >> >>
>>> >> >> CASTGC
>>> >> >> TGT-8-nnnUWE4IytFrwJX6LZfmSHu3RF7CmBewwEJPOohCtexzRnTLAQ-cas01.example.org
>>> >> >> End Of Session
>>> >> >>
>>> >> >> Cookie Received:
>>> >> >>
>>> >> >> CASTGC
>>> >> >> TGT-8-nnnUWE4IytFrwJX6LZfmSHu3RF7CmBewwEJPOohCtexzRnTLAQ-cas01.example.org
>>> >> >> /cas-server-webapp-3.5.1 End Of Session
>>> >> >>
>>> >> >> CASTGC "" /cas-server-webapp-3.5.1/ Thu, 01-Jan-1970 00:00:10 GMT
>>> >> >>
>>> >> >> CASPRIVACY "" /cas-server-webapp-3.5.1/ Thu, 01-Jan-1970 00:00:10 GMT
>>> >> >>
>>> >> >> There is a redirect to /login Page of CAS after this, which shows
>>> >> >> existence of the CASTGC cookie still in the browser, which ideally should
>>> >> >> not be. I am not sure why this redirection to /login page happens and also I
>>> >> >> suppose this might be a cause of issue. To trace the flow, I debugged CAS
>>> >> >> and I could see the following exception
>>> >> >> java.lang.IllegalStateException: No active FlowSession to access; this
>>> >> >> FlowExecution has ended
>>> >> >>
>>> >> >> It looks like the InitialFlowSetupAction is either not setting the
>>> >> >> configured service in Flowscope or there is some problem due to the call of
>>> >> >> /login page which interrupts the flow.
>>> >> >>
>>> >> >> I am looking for the solution for the following:
>>> >> >>
>>> >> >> 1. Is there any workaround so that I need not close my browser after
>>> >> >> logging out, which will give me a seamless experience.
>>> >> >>
>>> >> >> 2. Does the LogoutController invoked at call of /logout clear the cookies
>>> >> >> even in the browser side as well. If so what is that I am missing which
>>> >> >> makes me see the cookie still there.
>>> >> >>
>>> >> >> Please provide guidance. I have attached the spring config we are using.
>>> >> >> If there needs any change please suggest.
>>> >> >>
>>> >> >> Thanks,
>>> >> >> Mckenzie
>>> >> >>
>>> >> >> Regards,
>>> >> >> Mckenzie
>>> >> >> --
>>> >> >> You are currently subscribed to cas-dev@lists.jasig.org as:
>>> >> >> scott.battag...@gmail.com
>>> >> >>
>>> >> >> To unsubscribe, change settings or access archives, see
>>> >> >> http://www.ja-sig.org/wiki/display/JSG/cas-dev
-- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
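
The cookie-path mismatch Scott Battaglia points out in the quoted thread, replayed against a minimal RFC 6265 style cookie store; this is an added example, not code from the thread, CAS or Spring Security. The `Set-Cookie` header syntax and the `TGT-EXAMPLE` value are constructed, and the function names are hypothetical; only the cookie name, the two paths and the expiry come from the HttpFox capture.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_set_cookie(header, request_host):
    """Reduce one Set-Cookie value to the fields a browser stores it under."""
    pair, *attrs = [part.strip() for part in header.split(";")]
    name, _, value = pair.partition("=")
    # Simplification: a real browser derives the default path from the request URL.
    cookie = {"name": name, "value": value.strip('"'),
              "domain": request_host.lower(), "path": "/", "expires": None}
    for attr in attrs:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "path" and val.startswith("/"):
            cookie["path"] = val          # stored as given, trailing "/" included
        elif key == "domain" and val:
            cookie["domain"] = val.lstrip(".").lower()
        elif key == "expires" and val:
            cookie["expires"] = parsedate_to_datetime(val)
    return cookie

def replay(headers, request_host, now=None):
    """Apply Set-Cookie headers in order; return the jar and missed deletions."""
    now = now or datetime.now(timezone.utc)
    jar, missed = {}, []
    for header in headers:
        c = parse_set_cookie(header, request_host)
        key = (c["name"], c["domain"], c["path"])   # RFC 6265 cookie identity
        if c["expires"] is not None and c["expires"] <= now:
            if jar.pop(key, None) is None:
                # Expired cookie matched nothing: list same-name survivors.
                live = [k[2] for k in jar if k[:2] == key[:2]]
                missed.append((c["name"], c["path"], live))
        else:
            jar[key] = c["value"]
    return jar, missed

# Constructed headers (see lead-in): login cookie, the deletion seen in the
# capture, and a deletion that reuses the login cookie's path.
LOGIN = 'CASTGC=TGT-EXAMPLE; Path=/cas-server-webapp-3.5.1'
LOGOUT_SEEN = 'CASTGC=""; Path=/cas-server-webapp-3.5.1/; Expires=Thu, 01-Jan-1970 00:00:10 GMT'
LOGOUT_SAME_PATH = 'CASTGC=""; Path=/cas-server-webapp-3.5.1; Expires=Thu, 01-Jan-1970 00:00:10 GMT'

if __name__ == "__main__":
    print(replay([LOGIN, LOGOUT_SEEN], "CASserver"))       # TGT survives logout
    print(replay([LOGIN, LOGOUT_SAME_PATH], "CASserver"))  # jar is emptied
```

Running the same replay over the `Set-Cookie` headers of a real login/logout capture shows whether every expiring cookie matches the name, domain and path of the cookie it is meant to clear.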