Alistair,

When you run CAS without SSL, there is no SSO. I am guessing that without SSO, there is no need for SSOut. It's only a guess.

Adam

Alistair Miles wrote:
> Hi, I just thought I'd post this in case it's interesting to the CAS
> developers. I've been evaluating CAS for a new project and setting up a
> demonstration on my local machine. I'm using CAS 3.3.5 integrated with spring
> security 2.0.5, following the configuration example given at
> http://mattfleming.com/node/269. I set up everything following the demo
> instructions at http://www.ja-sig.org/wiki/display/CASUM/Demo and everything
> worked fine, single-sign-on and single-sign-out. I then repeated the exercise
> on another machine, but didn't put the CAS server webapp behind HTTPS, I left
> it on 8080. I realise that this is insecure, but I was just checking to see
> if I could repeat the demo setup on another machine. I found that
> single-sign-on worked fine, but that single-sign-out stopped working. Some
> inspection of the TCP traffic showed that, under this second configuration,
> the logout request is *not* sent by the CAS service to registered services.
>
> I.e., when CAS is behind HTTPS then I see requests like
>
> POST /my-app/j_spring_cas_security_check;jsessionid=1441FABE23628F2B1A8D95C9E32F1B58 HTTP/1.1
> Content-Length: 470
> Content-Type: application/x-www-form-urlencoded
> User-Agent: Java/1.6.0_16
> Host: localhost:8888
> Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
> Connection: keep-alive
>
> logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-1-FB660PxuTb6xZoYLsAJdYFpgdx9XsFH0U6B%22+Version%3D%222.0%22+IssueInstant%3D%222010-02-24T10%3A03%3A21Z%22%3E%3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22%3E%40NOT_USED%40%3C%2Fsaml%3ANameID%3E%3Csamlp%3ASessionIndex%3EST-1-AxoKlc22anaKaq0fvAO7-cas%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E
>
> ... but when CAS is on HTTP I see no such requests.
>
> This may be by design, but I thought I'd drop a note in case it's
> interesting.
>
> Thanks for the great work.
>
> Regards,
>
> Alistair
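Added example, not part of the original thread and not CAS or Spring Security code: a Python sketch that decodes the form body of the captured back-channel POST quoted above and uses its `SessionIndex` (the service ticket) to drop the matching local session. The `sessions` mapping and the names `parse_logout_request` and `sign_out` are hypothetical; the session label in the usage lines is constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"

# Form body of the back-channel POST quoted in the message above.
CAPTURED_BODY = (
    "logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis"
    "%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-1-FB660PxuTb6xZoYL"
    "sAJdYFpgdx9XsFH0U6B%22+Version%3D%222.0%22+IssueInstant%3D%222010-02-24"
    "T10%3A03%3A21Z%22%3E%3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3A"
    "names%3Atc%3ASAML%3A2.0%3Aassertion%22%3E%40NOT_USED%40%3C%2Fsaml%3A"
    "NameID%3E%3Csamlp%3ASessionIndex%3EST-1-AxoKlc22anaKaq0fvAO7-cas%3C%2F"
    "samlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E"
)

def parse_logout_request(body):
    """Decode the form body and return the fields of the LogoutRequest."""
    values = parse_qs(body, strict_parsing=True).get("logoutRequest", [])
    if len(values) != 1:
        raise ValueError("expected exactly one logoutRequest parameter")
    xml = values[0]
    # The message never needs a DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in xml or "<!ENTITY" in xml:
        raise ValueError("DTD not allowed in logoutRequest")
    root = ET.fromstring(xml)
    if root.tag != SAMLP + "LogoutRequest":
        raise ValueError("unexpected root element")
    ticket = (root.findtext(SAMLP + "SessionIndex") or "").strip()
    if not ticket:
        raise ValueError("missing SessionIndex")
    return {"id": root.get("ID"), "issue_instant": root.get("IssueInstant"),
            "name_id": root.findtext(SAML + "NameID"), "session_index": ticket}

def sign_out(sessions, body):
    """Drop the local session keyed by the service ticket; None if no match."""
    try:
        ticket = parse_logout_request(body)["session_index"]
    except (ValueError, ET.ParseError):
        return None  # malformed or unexpected body: leave sessions untouched
    return sessions.pop(ticket, None)

if __name__ == "__main__":
    # Constructed mapping: service ticket -> hypothetical local session label.
    sessions = {"ST-1-AxoKlc22anaKaq0fvAO7-cas": "session-A"}
    print(parse_logout_request(CAPTURED_BODY))
    print(sign_out(sessions, CAPTURED_BODY), sessions)
```

When the POST never arrives, as in the HTTP-only setup described in the thread, nothing removes the entry and the local session outlives the CAS logout.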
