Ram, I am currently on 5.2.2. logouturl should be publicly available. If using back channel, it is CAS that is calling and not user's browser so there is no session. With front channel, you could get away with it protected but if the session ended just as the redirect happened then you get the log in page when trying to log out, that would be weird.
Ray On Wed, 2018-08-15 at 23:26 +0530, Ramakrishna G wrote: Ray, Which version of CAS are you using? I remember back channel was working fine when I was using CAS version 5.2.2 Now when I updated to 5.3 it is not working. Should logouturl be part of protected CAS resource? On Wed, Aug 15, 2018, 10:24 PM Ray Bon <r...@uvic.ca<mailto:r...@uvic.ca>> wrote: Ram, Are you sure the request is not reaching? I checked my tomcat and it will show the logout POST in the access log but apache does not. The service id is abc.domain.com<http://abc.domain.com> (where login happened), but the target logout is xyz.domain.com<http://xyz.domain.com>. Is this a typo? The only thing identifying the session to terminate is the ST. If it was sent to abc on login, then xyz will not know about it (unless you have some funky cross domain session sharing). Can you add some logging to logout.html? You can also add some data to the curl POST: message=<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-3-yqsjo-tsMJUTvMmf-o4-D-EI" Version="2.0" IssueInstant="2018-08-15T09:31:59Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-1-wtDww85p-eauhK1Obnv28JuCVrM-tomt</samlp:SessionIndex></samlp:LogoutRequest> just change the ST value. Ray On Wed, 2018-08-15 at 21:37 +0530, Ramakrishna G wrote: Ray, I have tried all possible ways but my logoutUrl is not called. This is my log <Logout type registered for [AbstractWebApplicationService(id=https://abc.domain.com/, originalUrl=https://abc.domain.com/, artifactId=null, principal=cas, source=service, loggedOutAlready=false, format=XML, attributes={})] is [BACK_CHANNEL]> 2018-08-15 21:32:12,403 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Creating back-channel logout request based on [DefaultLogoutRequest(ticketId=ST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02, service=AbstractWebApplicationService(id=https://abc.domain.com/, originalUrl=https://abc.domain.com/, artifactId=null, principal=cas, source=service, loggedOutAlready=false, format=XML, attributes={}), status=NOT_ATTEMPTED, logoutUrl=https://xyz.domain.com/logout.html)]> 2018-08-15 21:32:12,404 DEBUG [org.apereo.cas.logout.SamlCompliantLogoutMessageCreator] - <Generated logout message: [<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-3--WXquGTKlwEFb7fwvKR-GkI1" Version="2.0" IssueInstant="2018-08-15T21:32:12Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02</samlp:SessionIndex></samlp:LogoutRequest>]> 2018-08-15 21:32:12,405 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Preparing logout request for [https://abc.domain.com/] to [https://xyz.domain.com/logout.html]> 2018-08-15 21:32:12,406 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Prepared logout message to send is [HttpMessage(url=https://xyz.domain.com/logout.html, message=logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-3--WXquGTKlwEFb7fwvKR-GkI1%22+Version%3D%222.0%22+IssueInstant%3D%222018-08-15T21%3A32%3A12Z%22%3E%3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22%3E%40NOT_USED%40%3C%2Fsaml%3ANameID%3E%3Csamlp%3ASessionIndex%3EST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E, responseCode=0, asynchronous=true, contentType=application/x-www-form-urlencoded)]. Sending...> 2018-08-15 21:32:12,452 DEBUG [org.apereo.cas.util.http.SimpleHttpClient] - <Created HTTP post message payload [POST https://xyz.domain.com/logout.html HTTP/1.1]> 2018-08-15 21:32:12,466 INFO [org.apereo.cas.logout.DefaultLogoutManager] - <[1] logout requests were processed> 2018-08-15 21:32:12,468 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Attempting to decode [EncodedTicket(id=87a5d1181fbfe4f24bcfabf5119ad705c3ccbdb6a606ff691637b2d778174c8495a08f55b5f01ceca966934b3dea9dee0ae368114f68c3679c168fe56034b049)]> 2018-08-15 21:32:12,469 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Decoded ticket to [TGT-3-aFjeNpK6frLv2VrXoSrbbsuvU110DAhlXFSbKfDq87EW1yk8F7s6-8nhHLwwbBoOPbUSSLDCTRSSO02]> 2018-08-15 21:32:12,470 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing children of ticket [TGT-3-aFjeNpK6frLv2VrXoSrbbsuvU110DAhlXFSbKfDq87EW1yk8F7s6-8nhHLwwbBoOPbUSSLDCTRSSO02] from the registry.> 2018-08-15 21:32:12,471 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removed ticket [ST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02]> 2018-08-15 21:32:12,472 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing ticket [TGT-3-aFjeNpK6frLv2VrXoSrbbsuvU110DAhlXFSbKfDq87EW1yk8F7s6-8nhHLwwbBoOPbUSSLDCTRSSO02] from the registry.> 2018-08-15 21:32:12,473 DEBUG [org.apereo.cas.AbstractCentralAuthenticationService] - <Publishing [CasTicketGrantingTicketDestroyedEvent(ticketGrantingTicket=TGT-3-aFjeNpK6frLv2VrXoSrbbsuvU110DAhlXFSbKfDq87EW1yk8F7s6-8nhHLwwbBoOPbUSSLDCTRSSO02)]> 2018-08-15 21:32:12,474 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: cas WHAT: TGT-3-aFjeNpK6frLv2VrXoSrbbsuvU110DAhlXFSbKfDq87EW1yk8F7s6-8nhHLwwbBoOPbUSSLDCTRSSO02 ACTION: TICKET_GRANTING_TICKET_DESTROYED APPLICATION: CAS WHEN: Wed Aug 15 21:32:12 IST 2018 CLIENT IP ADDRESS: 172.26.101.71 SERVER IP ADDRESS: 172.15.17.171 ============================================================= I am able to do curl request to " https://xyz.domain.com/logout.html " from my cas server. I don't see any log in my Apache though. I have also tried FRONT_CHANNEL but no luck. Can you please check and help me in resolving this. Thanks Ram On Mon, Aug 13, 2018 at 10:01 PM, Ray Bon <r...@uvic.ca<mailto:r...@uvic.ca>> wrote: Ramakrishna, If you have not done so already, turn up debugging on CAS and client to see if there is any hint. You may have to dig into network communications. Can you curl a post to: curl -X POST https://domain/logout.html Ray On Mon, 2018-08-13 at 16:57 +0530, Ramakrishna G wrote: Ray, I tried even with domain name. No luck!! On Fri, Aug 10, 2018 at 10:58 PM, Ray Bon <r...@uvic.ca<mailto:r...@uvic.ca>> wrote: Try with the name instead of ip. Ray On Fri, 2018-08-10 at 22:18 +0530, Ramakrishna G wrote: I am using wild card certificate. Certificate is installed in both the machine. I don't have domains created for CAS servers. I am accessing via IP. Would that be the reason? Is it necessary to communicate with CAS servers with domain name? On Fri, Aug 10, 2018, 10:00 PM Ray Bon <r...@uvic.ca<mailto:r...@uvic.ca>> wrote: Ramakrishna, This looks like a problem with certificates or network. If the certificate for webserverip is self signed, you have to add it to java keystore for CAS servers (use keytool). I know less about network issues. Ray On Fri, 2018-08-10 at 12:12 +0530, Ramakrishna G wrote: Hello all, I am using mod_auth_cas as cas client and ha cas servers. In service I have defined { "@class" : "org.apereo.cas.services.RegexRegisteredService", "serviceId" : "^(https)://.*", "name" : "wildcard", "id" : 1, "logoutType" : "BACK_CHANNEL", "logoutUrl" : "https://webserverip/logout.html"; } The logoutUrl is never called but logs says: Preparing to send logout request to https://webserverip/logout.html Prepared to send logout request to https://webserverip/logout.html [1] logout requests were processed But never logout.html is called. I don't know what is the mistake I am doing. Can anyone help please. Thanks -- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1533918628.2842.67.camel%40uvic.ca<https://groups.google.com/a/apereo.org/d/msgid/cas-user/1533918628.2842.67.camel%40uvic.ca?utm_medium=email&utm_source=footer>. -- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1533922111.2842.73.camel%40uvic.ca<https://groups.google.com/a/apereo.org/d/msgid/cas-user/1533922111.2842.73.camel%40uvic.ca?utm_medium=email&utm_source=footer>. -- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1534177908.2503.11.camel%40uvic.ca<https://groups.google.com/a/apereo.org/d/msgid/cas-user/1534177908.2503.11.camel%40uvic.ca?utm_medium=email&utm_source=footer>. -- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1534352063.2503.54.camel%40uvic.ca<https://groups.google.com/a/apereo.org/d/msgid/cas-user/1534352063.2503.54.camel%40uvic.ca?utm_medium=email&utm_source=footer>. -- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | r...@uvic.ca -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1534358602.2503.60.camel%40uvic.ca.
