Thanks Ray for clarifying things.

Regards
Ramakrishna G

On Thu, Aug 16, 2018, 9:09 PM Ray Bon <[email protected]> wrote:

> Ram,
>
> The back channel logout goes to the service, not the browser, so the
> service needs to end the user session. The user will only know the other
> tabs are logged out when they do a page refresh/request.
>
> Ray
>
> On Thu, 2018-08-16 at 20:53 +0530, Ramakrishna G wrote:
>
> Ray,
>
> I downgraded the cas version and it is working fine. Thanks for your help!!
>
> If I have opened the same service in multiple tabs of the same browser, can I
> send a backchannel request to all the opened tabs? Apart from checking from
> JavaScript every 5 seconds on the client side, do we have some mechanism in
> CAS which notifies all the services which are active?
>
> Thanks
> Ram
>
>
> On Thu, Aug 16, 2018 at 12:13 AM, Ray Bon <[email protected]> wrote:
>
> Ram,
>
> I am currently on 5.2.2.
> logouturl should be publicly available. If using back channel, it is CAS
> that is calling and not user's browser so there is no session. With front
> channel, you could get away with it protected but if the session ended just
> as the redirect happened then you get the log in page when trying to log
> out, that would be weird.
>
> Ray
>
> On Wed, 2018-08-15 at 23:26 +0530, Ramakrishna G wrote:
>
> Ray,
>
> Which version of CAS are you using? I remember back channel was working
> fine when I was using CAS version 5.2.2
>
> Now when I updated to 5.3 it is not working.
>
> Should logouturl be part of protected CAS resource?
>
> On Wed, Aug 15, 2018, 10:24 PM Ray Bon <[email protected]> wrote:
>
> Ram,
>
> Are you sure the request is not reaching? I checked my tomcat and it will
> show the logout POST in the access log but apache does not.
> The service id is abc.domain.com (where login happened), but the target
> logout is xyz.domain.com. Is this a typo? The only thing identifying the
> session to terminate is the ST. If it was sent to abc on login, then xyz
> will not know about it (unless you have some funky cross domain session
> sharing).
> Can you add some logging to logout.html?
> You can also add some data to the curl POST:
>
> message=<samlp:LogoutRequest
> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
> ID="LR-3-yqsjo-tsMJUTvMmf-o4-D-EI" Version="2.0"
> IssueInstant="2018-08-15T09:31:59Z"><saml:NameID
> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@
> </saml:NameID><samlp:SessionIndex>ST-1-wtDww85p-eauhK1Obnv28JuCVrM-tomt</samlp:SessionIndex></samlp:LogoutRequest>
>
> just change the ST value.
>
> Ray
>
> On Wed, 2018-08-15 at 21:37 +0530, Ramakrishna G wrote:
>
> Ray,
>
> I have tried all possible ways but my logoutUrl is not called.
>
> This is my log
>
> <Logout type registered for [AbstractWebApplicationService(id=
> https://abc.domain.com/, originalUrl=https://abc.domain.com/,
> artifactId=null, principal=cas, source=service, loggedOutAlready=false,
> format=XML, attributes={})] is [BACK_CHANNEL]>
> 2018-08-15 21:32:12,403 DEBUG
> [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -
> <Creating back-channel logout request based on
> [DefaultLogoutRequest(ticketId=ST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02,
> service=AbstractWebApplicationService(id=https://abc.domain.com/,
> originalUrl=https://abc.domain.com/, artifactId=null, principal=cas,
> source=service, loggedOutAlready=false, format=XML, attributes={}),
> status=NOT_ATTEMPTED, logoutUrl=https://xyz.domain.com/logout.html)]>
> 2018-08-15 21:32:12,404 DEBUG
> [org.apereo.cas.logout.SamlCompliantLogoutMessageCreator] - <Generated
> logout message: [<samlp:LogoutRequest
> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
> ID="LR-3--WXquGTKlwEFb7fwvKR-GkI1" Version="2.0"
> IssueInstant="2018-08-15T21:32:12Z"><saml:NameID
> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@
> </saml:NameID><samlp:SessionIndex>ST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02</samlp:SessionIndex></samlp:LogoutRequest>]>
> 2018-08-15 21:32:12,405 DEBUG
> [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -
> <Preparing logout request for [https://abc.domain.com/] to [
> https://xyz.domain.com/logout.html]>
> 2018-08-15 21:32:12,406 DEBUG
> [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -
> <Prepared logout message to send is [HttpMessage(url=
> https://xyz.domain.com/logout.html,
> message=logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-3--WXquGTKlwEFb7fwvKR-GkI1%22+Version%3D%222.0%22+IssueInstant%3D%222018-08-15T21%3A32%3A12Z%22%3E%3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22%3E%40NOT_USED%40%3C%2Fsaml%3ANameID%3E%3Csamlp%3ASessionIndex%3EST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E,
> responseCode=0, asynchronous=true,
> contentType=application/x-www-form-urlencoded)]. Sending...>
> 2018-08-15 21:32:12,452 DEBUG [org.apereo.cas.util.http.SimpleHttpClient]
> - <Created HTTP post message payload [POST
> https://xyz.domain.com/logout.html HTTP/1.1]>
> 2018-08-15 21:32:12,466 INFO [org.apereo.cas.logout.DefaultLogoutManager]
> - <[1] logout requests were processed>
> 2018-08-15 21:32:12,468 DEBUG
> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Attempting to
> decode
> [EncodedTicket(id=87a5d1181fbfe4f24bcfabf5119ad705c3ccbdb6a606ff691637b2d778174c8495a08f55b5f01ceca966934b3dea9dee0ae368114f68c3679c168fe56034b049)]>
> 2018-08-15 21:32:12,469 DEBUG
> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Decoded ticket
> to
> [TGT-3-aFjeNpK6frLv2VrXoSrbbsuvU110DAhlXFSbKfDq87EW1yk8F7s6-8nhHLwwbBoOPbUSSLDCTRSSO02]>
> 2018-08-15 21:32:12,470 DEBUG
> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing
> children of ticket
> [TGT-3-aFjeNpK6frLv2VrXoSrbbsuvU110DAhlXFSbKfDq87EW1yk8F7s6-8nhHLwwbBoOPbUSSLDCTRSSO02]
> from the registry.>
> 2018-08-15 21:32:12,471 DEBUG
> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removed ticket
> [ST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02]>
> 2018-08-15 21:32:12,472 DEBUG
> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing ticket
> [TGT-3-aFjeNpK6frLv2VrXoSrbbsuvU110DAhlXFSbKfDq87EW1yk8F7s6-8nhHLwwbBoOPbUSSLDCTRSSO02]
> from the registry.>
> 2018-08-15 21:32:12,473 DEBUG
> [org.apereo.cas.AbstractCentralAuthenticationService] - <Publishing
> [CasTicketGrantingTicketDestroyedEvent(ticketGrantingTicket=TGT-3-aFjeNpK6frLv2VrXoSrbbsuvU110DAhlXFSbKfDq87EW1yk8F7s6-8nhHLwwbBoOPbUSSLDCTRSSO02)]>
> 2018-08-15 21:32:12,474 INFO
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
> trail record BEGIN
> =============================================================
> WHO: cas
> WHAT:
> TGT-3-aFjeNpK6frLv2VrXoSrbbsuvU110DAhlXFSbKfDq87EW1yk8F7s6-8nhHLwwbBoOPbUSSLDCTRSSO02
> ACTION: TICKET_GRANTING_TICKET_DESTROYED
> APPLICATION: CAS
> WHEN: Wed Aug 15 21:32:12 IST 2018
> CLIENT IP ADDRESS: 172.26.101.71
> SERVER IP ADDRESS: 172.15.17.171
> =============================================================
>
> I am able to do curl request to " https://xyz.domain.com/logout.html "
> from my cas server.
>
>
> I don't see any log in my Apache though. I have also tried FRONT_CHANNEL
> but no luck.
>
> Can you please check and help me in resolving this.
>
> Thanks
> Ram
>
>
>
> On Mon, Aug 13, 2018 at 10:01 PM, Ray Bon <[email protected]> wrote:
>
> Ramakrishna,
>
> If you have not done so already, turn up debugging on CAS and client to
> see if there is any hint. You may have to dig into network communications.
> Can you curl a post to:
> curl -X POST https://domain/logout.html
>
> Ray
>
> On Mon, 2018-08-13 at 16:57 +0530, Ramakrishna G wrote:
>
> Ray,
>
> I tried even with domain name. No luck!!
>
>
>
>
>
>
> On Fri, Aug 10, 2018 at 10:58 PM, Ray Bon <[email protected]> wrote:
>
> Try with the name instead of ip.
>
> Ray
>
> On Fri, 2018-08-10 at 22:18 +0530, Ramakrishna G wrote:
>
> I am using a wildcard certificate. The certificate is installed on both
> machines. I don't have domains created for the CAS servers. I am accessing via
> IP. Would that be the reason? Is it necessary to communicate with CAS
> servers with a domain name?
>
> On Fri, Aug 10, 2018, 10:00 PM Ray Bon <[email protected]> wrote:
>
> Ramakrishna,
>
> This looks like a problem with certificates or network. If the certificate
> for webserverip is self signed, you have to add it to java keystore for CAS
> servers (use keytool). I know less about network issues.
>
> Ray
>
> On Fri, 2018-08-10 at 12:12 +0530, Ramakrishna G wrote:
>
> Hello all,
>
> I am using mod_auth_cas as cas client and ha cas servers. In service I
> have defined
>
> {
>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId" : "^(https)://.*",
>   "name" : "wildcard",
>   "id" : 1,
>   "logoutType" : "BACK_CHANNEL",
>   "logoutUrl" : "https://webserverip/logout.html"
> }
>
> The logoutUrl is never called but the logs say:
>
> Preparing to send logout request to   https://webserverip/logout.html
> Prepared to send logout request to   https://webserverip/logout.html
> [1] logout requests were processed
>
> But logout.html is never called. I don't know what mistake I am
> making.
>
> Can anyone help, please?
>
> Thanks
>
>
>
> --
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | [email protected]
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/1533918628.2842.67.camel%40uvic.ca
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1533918628.2842.67.camel%40uvic.ca?utm_medium=email&utm_source=footer>
> .
>
>
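What the service behind logoutUrl has to do with the back-channel POST shown in the log above, as an added example that is not part of the thread and not code from CAS or mod_auth_cas. It assumes the service keeps a dict from service ticket to local session; the function names, the size cap and the sample values are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
ST_RE = re.compile(r"ST-[A-Za-z0-9._-]{1,256}")
MAX_BODY = 8192  # assumed size cap: the endpoint is reachable without a session

def extract_service_ticket(body):
    """Return the ST carried in a back-channel logout POST body, or None."""
    if len(body) > MAX_BODY:
        return None
    values = parse_qs(body).get("logoutRequest", [])
    if len(values) != 1:
        return None
    if "<!DOCTYPE" in values[0] or "<!ENTITY" in values[0]:
        return None  # the logout message never needs a DTD; refuse entity tricks
    try:
        root = ET.fromstring(values[0])
    except ET.ParseError:
        return None
    if root.tag != "{%s}LogoutRequest" % SAMLP:
        return None
    ticket = (root.findtext("{%s}SessionIndex" % SAMLP) or "").strip()
    return ticket if ST_RE.fullmatch(ticket) else None

def handle_backchannel_logout(body, sessions_by_ticket):
    """End the local session stored under the ST; True if one was ended."""
    ticket = extract_service_ticket(body)
    if ticket is None:
        return False
    # Unknown or already-used tickets are a no-op, so replays change nothing.
    return sessions_by_ticket.pop(ticket, None) is not None

# Constructed sample in the shape of the "Prepared logout message" log line.
SAMPLE_XML = (
    '<samlp:LogoutRequest xmlns:samlp="%s" ID="LR-1-constructed" Version="2.0" '
    'IssueInstant="2018-08-15T00:00:00Z"><saml:NameID '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID>'
    '<samlp:SessionIndex>ST-1-constructed-ticket</samlp:SessionIndex>'
    '</samlp:LogoutRequest>' % SAMLP
)
SAMPLE_BODY = urlencode({"logoutRequest": SAMPLE_XML})

if __name__ == "__main__":
    sessions = {"ST-1-constructed-ticket": "session-for-alice"}  # constructed
    print(handle_backchannel_logout(SAMPLE_BODY, sessions), sessions)
```

The session is found only if the host receiving the POST is the one that stored the ST at login, which is the abc/xyz mismatch raised in the thread.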
