Thanks Ray for clarifying things. Regards Ramakrishna G
On Thu, Aug 16, 2018, 9:09 PM Ray Bon <r...@uvic.ca> wrote: > Ram, > > The back channel logout goes to the service, not the browser, so the > service needs to end the user session. The user will only know the other > tabs are logged out when they do a page refresh/request. > > Ray > > On Thu, 2018-08-16 at 20:53 +0530, Ramakrishna G wrote: > > Ray, > > I downgraded the cas version and it is working fine. Thanks for your help!! > > If I have opened same service in multiple tab of same browser, can I send > backchannel request to all the opened tabs? Apart from checking from > javascript for every 5 secound in client side, do we have some mechanism in > cas which notifies all the services which are active. > > Thanks > Ram > > > On Thu, Aug 16, 2018 at 12:13 AM, Ray Bon <r...@uvic.ca> wrote: > > Ram, > > I am currently on 5.2.2. > logouturl should be publicly available. If using back channel, it is CAS > that is calling and not user's browser so there is no session. With front > channel, you could get away with it protected but if the session ended just > as the redirect happened then you get the log in page when trying to log > out, that would be weird. > > Ray > > On Wed, 2018-08-15 at 23:26 +0530, Ramakrishna G wrote: > > Ray, > > Which version of CAS are you using? I remember back channel was working > fine when I was using CAS version 5.2.2 > > Now when I updated to 5.3 it is not working. > > Should logouturl be part of protected CAS resource? > > On Wed, Aug 15, 2018, 10:24 PM Ray Bon <r...@uvic.ca> wrote: > > Ram, > > Are you sure the request is not reaching? I checked my tomcat and it will > show the logout POST in the access log but apache does not. > The service id is abc.domain.com (where login happened), but the target > logout is xyz.domain.com. Is this a typo? The only thing identifying the > session to terminate is the ST. If it was sent to abc on login, then xyz > will not know about it (unless you have some funky cross domain session > sharing). > Can you add some logging to logout.html? > You can also add some data to the curl POST: > > message=<samlp:LogoutRequest > xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" > ID="LR-3-yqsjo-tsMJUTvMmf-o4-D-EI" Version="2.0" > IssueInstant="2018-08-15T09:31:59Z"><saml:NameID > xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@ > </saml:NameID><samlp:SessionIndex>ST-1-wtDww85p-eauhK1Obnv28JuCVrM-tomt</samlp:SessionIndex></samlp:LogoutRequest> > > just change the ST value. > > Ray > > On Wed, 2018-08-15 at 21:37 +0530, Ramakrishna G wrote: > > Ray, > > I have tried all possible ways but my logoutUrl is not called. > > This is my log > > <Logout type registered for [AbstractWebApplicationService(id= > https://abc.domain.com/, originalUrl=https://abc.domain.com/, > artifactId=null, principal=cas, source=service, loggedOutAlready=false, > format=XML, attributes={})] is [BACK_CHANNEL]> > 2018-08-15 21:32:12,403 DEBUG > [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - > <Creating back-channel logout request based on > [DefaultLogoutRequest(ticketId=ST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02, > service=AbstractWebApplicationService(id=https://abc.domain.com/, > originalUrl=https://abc.domain.com/, artifactId=null, principal=cas, > source=service, loggedOutAlready=false, format=XML, attributes={}), > status=NOT_ATTEMPTED, logoutUrl=https://xyz.domain.com/logout.html)]> > 2018-08-15 21:32:12,404 DEBUG > [org.apereo.cas.logout.SamlCompliantLogoutMessageCreator] - <Generated > logout message: [<samlp:LogoutRequest > xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" > ID="LR-3--WXquGTKlwEFb7fwvKR-GkI1" Version="2.0" > IssueInstant="2018-08-15T21:32:12Z"><saml:NameID > xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@ > </saml:NameID><samlp:SessionIndex>ST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02</samlp:SessionIndex></samlp:LogoutRequest>]> > 2018-08-15 21:32:12,405 DEBUG > [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - > <Preparing logout request for [https://abc.domain.com/] to [ > https://xyz.domain.com/logout.html]> > 2018-08-15 21:32:12,406 DEBUG > [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - > <Prepared logout message to send is [HttpMessage(url= > https://xyz.domain.com/logout.html, > message=logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-3--WXquGTKlwEFb7fwvKR-GkI1%22+Version%3D%222.0%22+IssueInstant%3D%222018-08-15T21%3A32%3A12Z%22%3E%3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22%3E%40NOT_USED%40%3C%2Fsaml%3ANameID%3E%3Csamlp%3ASessionIndex%3EST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E, > responseCode=0, asynchronous=true, > contentType=application/x-www-form-urlencoded)]. Sending...> > 2018-08-15 21:32:12,452 DEBUG [org.apereo.cas.util.http.SimpleHttpClient] > - <Created HTTP post message payload [POST > https://xyz.domain.com/logout.html HTTP/1.1]> > 2018-08-15 21:32:12,466 INFO [org.apereo.cas.logout.DefaultLogoutManager] > - <[1] logout requests were processed> > 2018-08-15 21:32:12,468 DEBUG > [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Attempting to > decode > [EncodedTicket(id=87a5d1181fbfe4f24bcfabf5119ad705c3ccbdb6a606ff691637b2d778174c8495a08f55b5f01ceca966934b3dea9dee0ae368114f68c3679c168fe56034b049)]> > 2018-08-15 21:32:12,469 DEBUG > [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Decoded ticket > to > [TGT-3-aFjeNpK6frLv2VrXoSrbbsuvU110DAhlXFSbKfDq87EW1yk8F7s6-8nhHLwwbBoOPbUSSLDCTRSSO02]> > 2018-08-15 21:32:12,470 DEBUG > [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing > children of ticket > [TGT-3-aFjeNpK6frLv2VrXoSrbbsuvU110DAhlXFSbKfDq87EW1yk8F7s6-8nhHLwwbBoOPbUSSLDCTRSSO02] > from the registry.> > 2018-08-15 21:32:12,471 DEBUG > [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removed ticket > [ST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02]> > 2018-08-15 21:32:12,472 DEBUG > [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing ticket > [TGT-3-aFjeNpK6frLv2VrXoSrbbsuvU110DAhlXFSbKfDq87EW1yk8F7s6-8nhHLwwbBoOPbUSSLDCTRSSO02] > from the registry.> > 2018-08-15 21:32:12,473 DEBUG > [org.apereo.cas.AbstractCentralAuthenticationService] - <Publishing > [CasTicketGrantingTicketDestroyedEvent(ticketGrantingTicket=TGT-3-aFjeNpK6frLv2VrXoSrbbsuvU110DAhlXFSbKfDq87EW1yk8F7s6-8nhHLwwbBoOPbUSSLDCTRSSO02)]> > 2018-08-15 21:32:12,474 INFO > [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit > trail record BEGIN > ============================================================= > WHO: cas > WHAT: > TGT-3-aFjeNpK6frLv2VrXoSrbbsuvU110DAhlXFSbKfDq87EW1yk8F7s6-8nhHLwwbBoOPbUSSLDCTRSSO02 > ACTION: TICKET_GRANTING_TICKET_DESTROYED > APPLICATION: CAS > WHEN: Wed Aug 15 21:32:12 IST 2018 > CLIENT IP ADDRESS: 172.26.101.71 > SERVER IP ADDRESS: 172.15.17.171 > ============================================================= > > I am able to do curl request to " https://xyz.domain.com/logout.html " > from my cas server. > > > I don't see any log in my Apache though. I have also tried FRONT_CHANNEL > but no luck. > > Can you please check and help me in resolving this. > > Thanks > Ram > > > > On Mon, Aug 13, 2018 at 10:01 PM, Ray Bon <r...@uvic.ca> wrote: > > Ramakrishna, > > If you have not done so already, turn up debugging on CAS and client to > see if there is any hint. You may have to dig into network communications. > Can you curl a post to: > curl -X POST https://domain/logout.html > > Ray > > On Mon, 2018-08-13 at 16:57 +0530, Ramakrishna G wrote: > > Ray, > > I tried even with domain name. No luck!! > > > > > > > On Fri, Aug 10, 2018 at 10:58 PM, Ray Bon <r...@uvic.ca> wrote: > > Try with the name instead of ip. > > Ray > > On Fri, 2018-08-10 at 22:18 +0530, Ramakrishna G wrote: > > I am using wild card certificate. Certificate is installed in both the > machine. I don't have domains created for CAS servers. I am accessing via > IP. Would that be the reason? Is it necessary to communicate with CAS > servers with domain name? > > On Fri, Aug 10, 2018, 10:00 PM Ray Bon <r...@uvic.ca> wrote: > > Ramakrishna, > > This looks like a problem with certificates or network. If the certificate > for webserverip is self signed, you have to add it to java keystore for CAS > servers (use keytool). I know less about network issues. > > Ray > > On Fri, 2018-08-10 at 12:12 +0530, Ramakrishna G wrote: > > Hello all, > > I am using mod_auth_cas as cas client and ha cas servers. In service I > have defined > > { > "@class" : "org.apereo.cas.services.RegexRegisteredService", > "serviceId" : "^(https)://.*", > "name" : "wildcard", > "id" : 1, > "logoutType" : "BACK_CHANNEL", > "logoutUrl" : "https://webserverip/logout.html"; > } > > The logoutUrl is never called but logs says: > > Preparing to send logout request to https://webserverip/logout.html > Prepared to send logout request to https://webserverip/logout.html > [1] logout requests were processed > > But never logout.html is called. I don't know what is the mistake I am > doing. > > Can anyone help please. > > Thanks > > > > -- > Ray Bon > Programmer analyst > Development Services, University Systems > 2507218831 | CLE 019 | r...@uvic.ca > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/1533918628.2842.67.camel%40uvic.ca > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1533918628.2842.67.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > > -- > Ray Bon > Programmer analyst > Development Services, University Systems > 2507218831 | CLE 019 | r...@uvic.ca > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/1533922111.2842.73.camel%40uvic.ca > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1533922111.2842.73.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > > > -- > Ray Bon > Programmer analyst > Development Services, University Systems > 2507218831 | CLE 019 | r...@uvic.ca > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/1534177908.2503.11.camel%40uvic.ca > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1534177908.2503.11.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > > > -- > Ray Bon > Programmer analyst > Development Services, University Systems > 2507218831 | CLE 019 | r...@uvic.ca > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/1534352063.2503.54.camel%40uvic.ca > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1534352063.2503.54.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > > -- > Ray Bon > Programmer analyst > Development Services, University Systems > 2507218831 | CLE 019 | r...@uvic.ca > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/1534358602.2503.60.camel%40uvic.ca > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1534358602.2503.60.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > > > -- > Ray Bon > Programmer analyst > Development Services, University Systems > 2507218831 | CLE 019 | r...@uvic.ca > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/1534433949.2503.66.camel%40uvic.ca > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1534433949.2503.66.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGST5P_2J7d-VcCCXVHAFbAA8zWCqVoOSs1URbomiykgkxmXaw%40mail.gmail.com.
