I would like to get SSO working for the site though.
When turning on LogLevel to debug and monitoring the error_log file I
see lots of stuff going on regarding the POST. The last of which is:
.
.
.
[Thu Sep 17 20:34:40 2009] [debug] ssl_engine_io.c(1775): OpenSSL:
read 18/18 by
tes from BIO#2cd6e8 [mem: 308fd5] (BIO dump follows)
[Thu Sep 17 20:34:40 2009] [debug] ssl_engine_io.c(1722):
+---------------------
----------------------------------------------------+
[Thu Sep 17 20:34:40 2009] [debug] ssl_engine_io.c(1747): | 0000: 9a
1e 2c 33 a6
69 39 78-a6 ec 8b 6b 63 67 6f 2f ..,3.i9x...kcgo/ |
[Thu Sep 17 20:34:40 2009] [debug] ssl_engine_io.c(1747): | 0010: 5c 4d
\\M |
[Thu Sep 17 20:34:40 2009] [debug] ssl_engine_io.c(1753):
+---------------------
----------------------------------------------------+
[Thu Sep 17 20:34:40 2009] [debug] ssl_engine_kernel.c(1765):
OpenSSL: Read: SSL
negotiation finished successfully
[Thu Sep 17 20:34:40 2009] [info] [client xxx.xxx.xxx.xxx] (32)Broken
pipe: core
_output_filter: writing data to the network
[Thu Sep 17 20:34:40 2009] [info] [client xxx.xxx.xxx.xxx] (32)Broken
pipe: core
_output_filter: writing data to the network
[Thu Sep 17 20:34:40 2009] [info] [client xxx.xxx.xxx.xxx] (32)Broken
pipe: core
_output_filter: writing data to the network
[Thu Sep 17 20:34:40 2009] [info] [client xxx.xxx.xxx.xxx] (32)Broken
pipe: core
_output_filter: writing data to the network
[Thu Sep 17 20:34:40 2009] [info] [client xxx.xxx.xxx.xxx] Connection
closed to
child 13 with standard shutdown (server xx.xxx.xxx.xxx:443)
Any idea what 'Broken pipe: core_output_filter: writing data to
network' is?
--Karen
On Sep 17, 2009, at 2:38 PM, Marvin Addison wrote:
>> CAS is sending a logout POST to my client when I log out of CAS
>> through a different application. Here is the line out of my
>> apache access_log file:
>>
>> xxx.xxx.xxx.xxx - - [17/Sep/2009:12:52:01 -0400] "POST /develop/
>> index.php HTTP/1.1" 302 413
>>
>
> This is almost certainly the SAML LogoutRequest that CAS sends to
> implement single sign-out. I believe you can make a service opt-out
> by using the CAS services management tool and de-selecting the "SSO
> Participant" checkbox for that service.
>
> Note that if you are not currently using service management, you'll
> have to set up all the services that are authorized to use CAS. By
> default CAS ships in "all services allowed" mode, but as soon as you
> define a single service using the management tool, it becomes a
> whitelist where only explicitly authorized services can request and
> validate service tickets. The good news is that you can use Ant
> pattern expressions to cover a large number of services with a single
> registration.
>
> M
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see http://
> www.ja-sig.org/wiki/display/JSG/cas-user
----------------
Karen Carter ([email protected]) Georgia Institute of Technology
Academic and Research Technologies Atlanta, Georgia 30332-0700
Office of Information Technology 404-385-8349
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
