Ben,
Cas session (TGT / TGC) and your application session are independent.
Logout requests are only sent by cas when cas/logout is visited.
Your application (cas client) must be able to receive and process the logout
request.
These loggers may help:
<!-- INFO Performing logout operations for [TGT-...]
[number] logout requests were processed
DEBUG ST, principal and URL -->
<Logger name="org.apereo.cas.logout.DefaultLogoutManager" level="info">
<Filters>
<ThresholdFilter level="INFO" onMatch="ACCEPT" onMismatch="NEUTRAL" />
<RegexFilter regex="Captured logout request.*" onMismatch="DENY" />
</Filters>
</Logger>
<!-- DEBUG Logout request will be sent to but does not print anything when
login was through SAML 1.1 -->
<Logger name="org.apereo.cas.logout.DefaultSingleLogoutServiceLogoutUrlBuilder"
level="warn" />
<!-- DEBUG preparing, processing and logout with URL and ST -->
<Logger name="org.apereo.cas.logout.slo" level="warn" />
<!-- DEBUG SAML logout payload -->
<Logger name="org.apereo.cas.logout.SamlCompliantLogoutMessageCreator"
level="warn" />
Ray
P.S. default-redirect is where cas will redirect when no service is provided at
login
On Tue, 2024-11-05 at 06:55 -0800, Ben wrote:
I'm sure I'm misunderstanding it, but in my properties, I added the following
to try to resolve the issue:
cas.view.default-redirect-url= ${cas.server.name}/cas
cas.logout.follow-service-redirects=true
cas.slo.asynchronous=true
My application is built in angular 2. Shouldn't it auto log out if the TGC is
expired similar to ng-idle?
Ben Chang
On Monday, November 4, 2024 at 9:39:44 PM UTC-5 Dmitriy Kopylenko wrote:
This could be helpful
https://apereo.github.io/cas/7.0.x/installation/Logout-Single-Signout.html
D.
On Mon, Nov 4, 2024 at 14:56 Ben <[email protected]> wrote:
I thought CAS superseded the client apps session? Is there a way to overwrite
the local session?
On Monday, November 4, 2024 at 1:38:23 PM UTC-5 Dmitriy Kopylenko wrote:
The client app could be keeping their own local session.
D.
On Mon, Nov 4, 2024 at 11:33 Ben <[email protected]> wrote:
Hello,
I am trying to set up a service to require a specific application to log out
after x (currently set to 5 as a test) seconds. I see the logs saying its
logging out, but when I click around the website, refresh, or make user
changes, I'm still logged in and it isn't requiring me to log in.
I have the following config services. I don't think anything is interfering
with the other.
"proxyPolicy":
{
"@class":
"org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
"pattern": "^https?://.*"
},
"attributeReleasePolicy" : {
"@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
},
"accessStrategy" : {
"@class" :
"org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
"enabled" : true
},
"ticketGrantingTicketExpirationPolicy":
{
"@class":
"org.apereo.cas.services.DefaultRegisteredServiceTicketGrantingTicketExpirationPolicy",
"maxTimeToLiveInSeconds":5
}
Any help would be appreciated.
Looking at
https://groups.google.com/a/apereo.org/g/cas-user/c/zvo3KBi46IU/m/fF-prmwDAQAJ,
I tried disabling SLO too and that didn't work.
The logs show the following indicating that I'm logged out (but not).
2024-11-04 06:58:37 2024-11-04 11:58:37,840 INFO
[org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN
2024-11-04 06:58:37
=============================================================
2024-11-04 06:58:37 WHEN: 2024-11-04T11:58:37.840180900
2024-11-04 06:58:37 WHO: [email protected]
2024-11-04 06:58:37 WHAT: TGT-1-****************n9NDYZKzU4-localhost
2024-11-04 06:58:37 ACTION: LOGOUT_SUCCESS
2024-11-04 06:58:37 CLIENT_IP: unknown
2024-11-04 06:58:37 SERVER_IP: unknown
2024-11-04 06:58:37
=============================================================
2024-11-04 06:58:37
2024-11-04 06:58:37 >
2024-11-04 06:58:37 2024-11-04 11:58:37,840 DEBUG
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Cleaning up
expired ticket [TGT-1-****************n9NDYZKzU4-localhost]>
2024-11-04 06:58:37 2024-11-04 11:58:37,840 DEBUG
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing children of
ticket [TGT-1-****************n9NDYZKzU4-localhost] from the registry.>
2024-11-04 06:58:37 2024-11-04 11:58:37,840 DEBUG
[org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - <Ticket
[ST-1-****************QCJKPHUzJY-localhost] could not be found>
2024-11-04 06:58:37 2024-11-04 11:58:37,843 DEBUG
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing ticket
[TGT-1-****************n9NDYZKzU4-localhost] from the registry.>
2024-11-04 06:58:37 2024-11-04 11:58:37,844 INFO
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[2] expired
tickets removed.>
2024-11-04 06:59:17 2024-11-04 11:59:17,857 INFO
[org.apereo.cas.throttle.AbstractInMemoryThrottledSubmissionHandlerInterceptorAdapter]
- <Beginning audit cleanup...>
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1ccf3963-2db1-4036-86d6-ed8ec87f9e38n%40apereo.org<https://groups.google.com/a/apereo.org/d/msgid/cas-user/1ccf3963-2db1-4036-86d6-ed8ec87f9e38n%40apereo.org?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/766172045a2a3c375edb45657f962b9a2ee3924d.camel%40uvic.ca.
