Thanks!
So the main thing is that I’m trying to use it for a specific application so I created a service to target the specific application (assuming I have the serviceID right). When I do the non TGT logout via clicking the links on the application to the back-end, it works fine so my application knows how to handle the request. I tried changing the timeout to 125, but that didn't seem to do anything. Also, when you mean cas/logout, do you mean the back end call? I do see that when the timeout "occurs", it cant seem to find the server and client ips. Is that maybe a cause? When I log in, it has client and server IPs 2024-11-07 09:41:04 ============================================================= 2024-11-07 09:41:04 WHEN: 2024-11-07T14:41:04.250032600 2024-11-07 09:41:04 WHO: omitted 2024-11-07 09:41:04 WHAT: omitted 2024-11-07 09:41:04 ACTION: LOGOUT_SUCCESS 2024-11-07 09:41:04 CLIENT_IP: unknown 2024-11-07 09:41:04 SERVER_IP: unknown 2024-11-07 09:41:04 ============================================================= Ben On Wednesday, November 6, 2024 at 2:51:33 PM UTC-5 Ray Bon wrote: > Ben, > > logoutURL is where cas will send the logout request (BACK_CHANNEL) or > redirect (FRONT_CHANNEL). Default is the url used during login. > With back channel logout, cas sends a logout request to logoutURL. Your > cas client has to process the request and perform the logout action. Check > you cas client's documentation, and perhaps your configuration. > > Cas does not end your application's session; it can only suggest to your > application to perform its own logout. > > I suggest removing all of the logout config you have add to cas (except > for logoutURL only if it is not the same as the login url). Cas will > perform a back channel logout by default. Then see how your application > responds to the logout request. > > Ray > > P.S. I think the shortest time for TGT time to live is 2m, so you may have > to wait this long or visit cas/logout > > On Wed, 2024-11-06 at 10:47 -0800, Ben wrote: > > But from the > https://apereo.github.io/cas/7.0.x/installation/Logout-Single-Signout.html#casslodisabledPropertyConfig > > page, it appears under the "Service Endpoint for Logout Requests" > section, if I set my logoutURL field to my application's log out, it CAS > can get the app to logout? Am I misunderstanding this? > > Thanks, > > > > On Tuesday, November 5, 2024 at 11:38:01 PM UTC-5 Ray Bon wrote: > > Ben, > > Cas session (TGT / TGC) and your application session are independent. > Logout requests are only sent by cas when cas/logout is visited. > Your application (cas client) must be able to receive and process the > logout request. > These loggers may help: > > <!-- INFO Performing logout operations for [TGT-...] > [number] logout requests were processed > DEBUG ST, principal and URL --> > <Logger name="org.apereo.cas.logout.DefaultLogoutManager" level="info"> > <Filters> > <ThresholdFilter level="INFO" onMatch="ACCEPT" onMismatch="NEUTRAL" /> > <RegexFilter regex="Captured logout request.*" onMismatch="DENY" /> > </Filters> > </Logger> > <!-- DEBUG Logout request will be sent to but does not print anything when > login was through SAML 1.1 --> > <Logger > name="org.apereo.cas.logout.DefaultSingleLogoutServiceLogoutUrlBuilder" > level="warn" /> > <!-- DEBUG preparing, processing and logout with URL and ST --> > <Logger name="org.apereo.cas.logout.slo" level="warn" /> > <!-- DEBUG SAML logout payload --> > <Logger name="org.apereo.cas.logout.SamlCompliantLogoutMessageCreator" > level="warn" /> > > Ray > > P.S. default-redirect is where cas will redirect when no service is > provided at login > > On Tue, 2024-11-05 at 06:55 -0800, Ben wrote: > > I'm sure I'm misunderstanding it, but in my properties, I added the > following to try to resolve the issue: > > cas.view.default-redirect-url= ${cas.server.name}/cas > cas.logout.follow-service-redirects=true > cas.slo.asynchronous=true > > My application is built in angular 2. Shouldn't it auto log out if the TGC > is expired similar to ng-idle? > > Ben Chang > On Monday, November 4, 2024 at 9:39:44 PM UTC-5 Dmitriy Kopylenko wrote: > > This could be helpful > https://apereo.github.io/cas/7.0.x/installation/Logout-Single-Signout.html > > D. > > On Mon, Nov 4, 2024 at 14:56 Ben <[email protected]> wrote: > > I thought CAS superseded the client apps session? Is there a way to > overwrite the local session? > > On Monday, November 4, 2024 at 1:38:23 PM UTC-5 Dmitriy Kopylenko wrote: > > The client app could be keeping their own local session. > > D. > > > On Mon, Nov 4, 2024 at 11:33 Ben <[email protected]> wrote: > > Hello, > > I am trying to set up a service to require a specific application to log > out after x (currently set to 5 as a test) seconds. I see the logs saying > its logging out, but when I click around the website, refresh, or make user > changes, I'm still logged in and it isn't requiring me to log in. > > I have the following config services. I don't think anything is > interfering with the other. > > "proxyPolicy": > { > "@class": > "org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy", > "pattern": "^https?://.*" > }, > "attributeReleasePolicy" : { > "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy" > }, > "accessStrategy" : { > "@class" : > "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy", > "enabled" : true > }, > "ticketGrantingTicketExpirationPolicy": > { > "@class": > "org.apereo.cas.services.DefaultRegisteredServiceTicketGrantingTicketExpirationPolicy", > "maxTimeToLiveInSeconds":5 > } > > Any help would be appreciated. > > Looking at > https://groups.google.com/a/apereo.org/g/cas-user/c/zvo3KBi46IU/m/fF-prmwDAQAJ, > > I tried disabling SLO too and that didn't work. > > The logs show the following indicating that I'm logged out (but not). > > 2024-11-04 06:58:37 2024-11-04 11:58:37,840 INFO > [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN > 2024-11-04 06:58:37 > ============================================================= > 2024-11-04 06:58:37 WHEN: 2024-11-04T11:58:37.840180900 > 2024-11-04 06:58:37 WHO: [email protected] > 2024-11-04 06:58:37 WHAT: TGT-1-****************n9NDYZKzU4-localhost > 2024-11-04 06:58:37 ACTION: LOGOUT_SUCCESS > 2024-11-04 06:58:37 CLIENT_IP: unknown > 2024-11-04 06:58:37 SERVER_IP: unknown > 2024-11-04 06:58:37 > ============================================================= > 2024-11-04 06:58:37 > 2024-11-04 06:58:37 > > 2024-11-04 06:58:37 2024-11-04 11:58:37,840 DEBUG > [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Cleaning > up expired ticket [TGT-1-****************n9NDYZKzU4-localhost]> > 2024-11-04 06:58:37 2024-11-04 11:58:37,840 DEBUG > [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing > children of ticket [TGT-1-****************n9NDYZKzU4-localhost] from the > registry.> > 2024-11-04 06:58:37 2024-11-04 11:58:37,840 DEBUG > [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - <Ticket > [ST-1-****************QCJKPHUzJY-localhost] could not be found> > 2024-11-04 06:58:37 2024-11-04 11:58:37,843 DEBUG > [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing ticket > [TGT-1-****************n9NDYZKzU4-localhost] from the registry.> > 2024-11-04 06:58:37 2024-11-04 11:58:37,844 INFO > [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[2] > expired tickets removed.> > 2024-11-04 06:59:17 2024-11-04 11:59:17,857 INFO > [org.apereo.cas.throttle.AbstractInMemoryThrottledSubmissionHandlerInterceptorAdapter] > > - <Beginning audit cleanup...> > > > -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/57f47126-8b8b-48c4-8462-dcb756b2e962n%40apereo.org.
