Hello Ray,

Thanks for the update.

I have already configured "LogoutUrl" in the service registry but the 
problem is that in response i am receiving 302 error with the other URL in 
the "Location" header.
When i fire the same logout URL from a new tab then i got logged out from 
the wordpress site but when it  is done through CAS it is not and reason 
for the same is that CAS just fires HTTP POST request once and not again 
and again when 302 error is received.
So just want to know whether is there any configuration available in CAS by 
which we can redirect CAS to fire HTTP POST this number of times? or how 
this can be done.

Thanks and Wish you a nice weekend ahead.

Regards
Neha Gupta


On Thursday, August 2, 2018 at 6:21:11 PM UTC+2, rbon wrote:
>
> Neha,
>
> By default CAS will send the logout to the URL that was used for login. If 
> Wordpress has a different URL, you can set that in the service definition, 
> https://apereo.github.io/cas/5.3.x/installation/Logout-Single-Signout.html#slo-requests
>
> Ray
>
> On Thu, 2018-08-02 at 02:52 -0700, Neha Gupta wrote:
>
> Hello Ray, 
>
> Issue is solved with the ASP application. Now when /cas/logout is called 
> from a new tab, ASP application is also getting logged out. The reason is 
> certificate as stated by you and some configuration in web.config of ASP 
> application. After activating debug traces for "org.apache.http" in 
> "log4j2.xml" came to know about the reason and finally solved.
>
> Also problem is still there with the Wordpress site. SLO is not working 
> for it. The reason for the same is that in return of HTTP POST request for 
> logout is getting response as 302 with other URL in the header field 
> "Location" and CAS is not sending again HTTP POST request. Is there any 
> configuration where we can instruct CAS to send HTTP POST request again in 
> case 302 is received. I am using WP Cassify plugin for integrating 
> Wordpress site with CAS.
>
>
> Thanks a lot for all your support.
>
>
> Regards
> Neha Gupta
>
> On Tuesday, July 31, 2018 at 5:26:38 PM UTC+2, rbon wrote: 
>
> Neha,
>
> The debug message looks like CAS is not sending the logout (are the 
> clients pac4j?).
> You have to install the certificate in java keystore. Look into keytool, 
> which comes with java, to install certificates.
>
> Ray
>
> On Mon, 2018-07-30 at 03:01 -0700, Neha Gupta wrote:
>
> Hello Ray, 
>
> Thanks for the update.
> I tried adding below configuration in the "cas.properties" file: -
>
> cas.httpClient.connectionTimeout=5000
> cas.httpClient.asyncTimeout=5000
> cas.httpClient.readTimeout=5000
> cas.httpClient.truststore.psw=changeit
> cas.httpClient.truststore.file="C:\Users\Administrator.IDIV-DEV1\.keystore"
>
> where this keystore contains the certificates of ASP app but still not 
> success. I tried putting logs in the "CasLogOff" function present in the 
> ASP app but  it is not getting hit when /cas/logout is called from a new 
> tab.
>
> Also in CAS traces i have seen below error. May be this can be the reason.
>
> 2018-07-26 11:52:36,908 DEBUG 
> [org.apereo.cas.support.pac4j.web.flow.SAML2ClientLogoutAction] - <The 
> current client is not a SAML2 client or it cannot be found at all, no 
> logout action will be executed.>
>
>
> Thanks in advance
>
> Regards
> Neha Gupta
>
>
> On Friday, July 27, 2018 at 6:41:41 PM UTC+2, rbon wrote: 
>
> Neha,
>
> Try to get some debug information from the clients.
> Does the request reach from CAS server to client (curl 
> https://idiv-dev1:3556/Account/CasLogOff)?
> Put debug statements in CasLogOff method.
> Check your certificates. Your clients trust CAS (login works) but for 
> logout, CAS needs to trust your clients.
>
> Ray
>
> On Fri, 2018-07-27 at 05:53 -0700, Neha Gupta wrote:
>
> Hello Ray, 
>
> Firing /cas/logout does not log out the applications and the traces looks 
> same.
> Below is the Logout function present in the ASP application: -
>
>  public void CasLogOff()
>         {
>             FormsAuthentication.SignOut();
>             DotNetCasClient.CasAuthentication.SingleSignOut();
>         }
>
> and below is the service registry in CAS: -
> {
>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId" : "https://idiv-dev1:3556/.*";,
>   "name" : "BEXIS",
>   "id" : 10000002,
>   "description" : "This authorizes the BEXIS service.",
>    "logoutUrl" : "https://idiv-dev1:3556/Account/CasLogOff";,
>   "logoutType" : "BACK_CHANNEL",
>   "evaluationOrder" : 10001
> }
>
>
> when i call URL"https://idiv-dev1:3556/Account/CasLogOff"; in new tab then 
> i am logged out from CAS as well ASP application as defined in the function 
> but why cas is not able to make single logout.
> I am not able to get what is wrong in the configuration.
>
>
> Regards
> Neha Gupta
>
>
> On Thursday, July 26, 2018 at 6:07:47 PM UTC+2, rbon wrote: 
>
> Neha,
>
> The log says '[2] logout requests were processed'. Perhaps it is your 
> clients that are not processing the CAS logout correctly. You can go to 
> /cas/logout in a new tab, CAS log should look the same but are you logged 
> out of your apps?
>
> As for the tickets being removed, it could be your ticket store is 
> returning confusing response or that the ST was removed already (when it 
> was validated).
>
> Ray
>
> On Thu, 2018-07-26 at 07:01 -0700, Neha Gupta wrote:
>
> Hello CAS Team,
>
> I have integrated Wordpress site with CAS and i am using WPCassify plugin 
> for the same.
> Now i have another ASP application and integrated it with CAS through 
> DotNetCasClient.
>
> Now my Single SignOn is working fine with both the applications i.e if i 
> login in my wordpress website and go to ASP application then i got 
> automatically logged into my ASP application but when i logged out from any 
> of the application then i am not logged out from the other application.
>
> Attached are the traces of CAS and it seems that CAS is creating some 
> logout request and finally unable to remove the tickets. I don't have any 
> idea how to proceed further.
> Request you to please help me out
>
> Thanks in advance.
>
>
> Regards
> Neha Gupta
>
> -- 
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | rb...@uvic.ca
>
>
> -- 
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | rb...@uvic.ca
>
>
> -- 
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | rb...@uvic.ca
>
>
> -- 
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | rb...@uvic.ca <javascript:>
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/08bd3d4b-3de6-4ada-b5f0-788782008a4a%40apereo.org.

Reply via email to