Travis,
Below are the settings I used to try to get the mod_auth_cas logout to work,
but I was still unsuccessful. I guess it may have something to do with the
fact that I am using a proxy server.
Since I am using Ubuntu, my mod_auth_cas settings are in
/etc/apache2/mods-enabled/auth_cas.conf and they look like this:
CASCookiePath /var/cache/apache2/mod_auth_cas/
CASLoginURL [my cas server login url]
CASValidateURL [my cas server validate url]
CASDebug On
CASVersion 2
#Only if using SAML
#CASValidateSAML Off
#CASAttributeDelimiter ;
CASSSOEnabled On
CASCertificatePath /etc/ssl/certs
<Location />
AuthType CAS
CASAuthNHeader [my HTTP Header value]
require valid-user
CASScope /
</Location>
For my proxy server I have the logout type set to BACK_CHANNEL and my
registered service looks like this:
{
"@class" : "org.jasig.cas.services.RegexRegisteredService",
"serviceId" : "[my proxy server url]",
"name" : "CAS-PROXY",
"id" : 8,
"description" : "Allows connections from CAS Proxy",
"proxyPolicy" : {
"@class" : "org.jasig.cas.services.RefuseRegisteredServiceProxyPolicy"
},
"evaluationOrder" : 8,
"usernameAttributeProvider" : {
"@class" : "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
},
"logoutType" : "BACK_CHANNEL",
"attributeReleasePolicy" : {
"@class" : "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
"principalAttributesRepository" : {
"@class" :
"org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository"
},
"authorizedToReleaseCredentialPassword" : false,
"authorizedToReleaseProxyGrantingTicket" : false
},
"accessStrategy" : {
"@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
"enabled" : true,
"ssoEnabled" : true
}
}
Thanks,
––––––––––––––––––––
David Abney
ITS Web Developer/Programmer
600 West Walnut Street
Danville, Kentucky 40422
859.238.5761
[email_logo]
www.centre.edu<http://www.centre.edu/>
From: Travis Schmidt [mailto:[email protected]]
Sent: Thursday, August 18, 2016 11:18 AM
To: David Abney <[email protected]>; [email protected]
Subject: Re: [cas-user] Mod_auth_cas Logout Question
Make sure "CASSSOEnabled On" is set in httpd.conf. If you are using a Service
Registry in CAS, make sure the Logout Channel is enabled and set to
BACK_CHANNEL. This is working for me, but I don't have a proxy in the middle
either.
On Thu, Aug 18, 2016 at 7:20 AM David Abney
<[email protected]<mailto:[email protected]>> wrote:
I am using mod_auth_cas v1.1 with a proxy server to login to our PaperCut
system using CAS v4.2. We can set a logout URL in PaperCut, which is set to
the CAS server logout URL. So, when I logout of PaperCut, it appears I am
logged out of PaperCut and CAS, but if I go back to the proxy server then
mod_auth_cas still logs me back into PaperCut without redirecting me to CAS to
login again.
Is there a way to logout of my session with mod_auth_cas or clear my
mod_auth_cas cookie?
Thanks,
––––––––––––––––––––
David Abney
ITS Web Developer/Programmer
600 West Walnut Street
Danville, Kentucky 40422
859.238.5761
[email_logo]
www.centre.edu<http://www.centre.edu/>
--
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected]<mailto:[email protected]>.
To post to this group, send email to
[email protected]<mailto:[email protected]>.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/2d6df68f9efe48e2891c540e083a406b%40Exchange-MB2.centre.edu<https://groups.google.com/a/apereo.org/d/msgid/cas-user/2d6df68f9efe48e2891c540e083a406b%40Exchange-MB2.centre.edu?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
--
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/475bffec323b486b859cbffff926a7f0%40Exchange-MB2.centre.edu.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
