> CAS is sending a logout POST to my client when I log out of CAS through a > different application. Here is the line out of my apache access_log file: > > xxx.xxx.xxx.xxx - - [17/Sep/2009:12:52:01 -0400] "POST /develop/index.php > HTTP/1.1" 302 413 >
This is almost certainly the SAML LogoutRequest that CAS sends to implement single sign-out. I believe you can make a service opt-out by using the CAS services management tool and de-selecting the "SSO Participant" checkbox for that service. Note that if you are not currently using service management, you'll have to set up all the services that are authorized to use CAS. By default CAS ships in "all services allowed" mode, but as soon as you define a single service using the management tool, it becomes a whitelist where only explicitly authorized services can request and validate service tickets. The good news is that you can use Ant pattern expressions to cover a large number of services with a single registration. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
