Jennifer, The callback is still in the sandbox and there are no clients that support it. You would not only need to modify the CAS server but also any client that you wanted to accept the callback.
-Scott Jennifer Yang wrote: > Scott, > > I saw the following on ja-sig post from April of last year. > > "CAS 3 m3 introduces single signout via callback. We want to introduce > a CAS 3 protocol to eliminate the need to define a callback for each > service." > http://www.ja-sig.org/issues/browse/CAS-126?page=history > > Has this been worked out yet? Also, it says CAS m3 has single signout > via callback. Can you point me to some documentation how to plug in > this callback? > > Thank you! > --Jennifer > > > > On 7/26/06, *Jennifer Yang* < [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>> wrote: > > Another followup question. > > So if we have multiple apps linked with CAS SSO, cas/logout kills > single sign on session. However, how can I kill all the apps > already signed in previously with CAS before the logout? If CAS > can determine if a single sign on session is valid or not, can't > our app query CAS? But this seems expensive that the app needs to > query CAS for each access... Any suggestion as to how to > implement single sign OFF? > > Thanks, > Jennifer > > > > On 7/26/06, *Jennifer Yang* < [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>> wrote: > > I must have used http. I thought I tried https. :-) > It works with https. Thank you!! > > Out of curiousity, how does CAS validate multiple apps? > Initially, I thought it validated the ticket issued at initial > sign on, but looking at the log, it seems to issue different > ticket for each app. > > Another question. Is there any way to run CAS in non-SSL mode? > > Thanks, > --Jennifer > > > On 7/26/06, *Scott Battaglia* < [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>> wrote: > > Logging out of CAS is designed to kill your single sign on > session (not > your individual application sessions) so that if you try > and access > another CASified application (that you haven't logged into > yet) you will > be prompted for your credentials again. > > CAS uses secure cookies however, so if you access the > Logout page via > http instead of https your cookie will not be destroyed as > it was never > sent to the server. > > -Scott > > > Kris Melotte wrote: > > Is there a difference regarding logout when you are using > http versus > > https? > > > > I thought that the fact you can still login after the > logout to an > > (authenticated) application is because the JA-SIG client > does not check > > anymore with the CAS server after validation of the > initial ticket. > > > > As the authentication information is already in the > session of the SSO > > authenticated application, the filter will pass you > through without > > checking again with the CAS server if the SSO is still > valid. > > > > I thought that this behavior was the reason why the cas > logout page > > mentions to "exit your browser for security reasons"? > > > > Regards, > > Kris > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]> > > [mailto: [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>] On Behalf Of > Scott Battaglia > > Sent: Wednesday, July 26, 2006 2:16 PM > > To: Mailing list for CAS developers > > Subject: Re: [cas-dev] CAS logout > > > > Jennifer, > > > > Did you access the logout page via http or https? > > > > -Scott > > > > Jennifer Yang wrote: > > > > > >> Hello, > >> > >> I am trying to implement logout. > >> > >> I found the following thread, but I am not seeing the > same behavior. > >> > http://tp.its.yale.edu/pipermail/cas/2005-February/001010.html > >> > >> According to this, hitting /cas/logout should prevent > the previously > >> authenticated user from accessing another webapp without > signing on > >> again. Here is what I tried and the behavior. > >> > >> I have two webapps (using jsp-examples and > servlet-examples supplied > >> by Tomcat) both setup to use CASFilter. > >> > >> 1. I enter one of the jsp-examples url in the browser. > >> 2. I get JA-SIG login page and I log in successfully. > >> 3. I get redirected to the jsp-examples I was trying > access in step 1. > >> 4. I logoff via /cas/logout and get a JA-SIG > "successfully logged > >> > > off". > > > >> 5. I enter one of the servlet-examples (a different > webapp from step > >> 1). I expected to get another JA-SIG login page, but I > get my > >> servlet-examples without being re-authenticated. > >> > >> Am I missing something? > >> > >> Also, what is the best way to implement single-sign-out? > >> > >> Thanks very much! > >> --Jennifer > >> > >> > > ----------------------------------------------------------------------- > >> > > - > > > >> _______________________________________________ > >> cas-dev mailing list > >> [email protected] <mailto:[email protected]> > >> http://tp.its.yale.edu/mailman/listinfo/cas-dev > >> > >> > >> > > _______________________________________________ > > cas-dev mailing list > > [email protected] <mailto:[email protected]> > > http://tp.its.yale.edu/mailman/listinfo/cas-dev > > > > > > _______________________________________________ > > cas-dev mailing list > > [email protected] <mailto:[email protected]> > > http://tp.its.yale.edu/mailman/listinfo/cas-dev > <http://tp.its.yale.edu/mailman/listinfo/cas-dev> > > > _______________________________________________ > cas-dev mailing list > [email protected] <mailto:[email protected]> > http://tp.its.yale.edu/mailman/listinfo/cas-dev > <http://tp.its.yale.edu/mailman/listinfo/cas-dev> > > > > > ------------------------------------------------------------------------ > > _______________________________________________ > cas-dev mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas-dev > _______________________________________________ cas-dev mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas-dev
