RE: [cas-user] More on my logout troubles

Tue, 06 Jul 2010 12:03:51 -0700 

I believe the order is correct.

I also modified the CAS signout filter to log more information.  I never get 
log messages. It seems glassfish isn't even letting the POST go through.

Sigh.

<filter>
   <filter-name>CasSingleSignOutFilter</filter-name>
   <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>




    <filter>
        <filter-name>CAS Authentication Filter</filter-name>
        
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>

            <!--<param-value>https://ulogin.utah.edu/cas/login</param-value>-->
            <param-value>https://guide.acs.utah.edu:9932/cas/login</param-value>
        </init-param>


        <init-param>
            <param-name>service</param-name>
            
<param-value>https://guide.acs.utah.edu:9932/uofu/stu/GraduateTracking</param-value>
            
<!--<param-value>http://dev.acs.utah.edu:8601/uofu/stu/GraduateTracking</param-value>-->
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <!--<param-value>http://dev.acs.utah.edu</param-value>-->
            <param-value>https://guide.acs.utah.edu:9932</param-value>
        </init-param>
        <init-param>
            <param-name>artifactParameterName</param-name>
            <param-value>ticket</param-value>
        </init-param>
        <!--<init-param>
            <param-name>renew</param-name>
            <param-value>true</param-value>
        </init-param>-->
    </filter>

    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>



        <init-param>
            <param-name>casServerUrlPrefix</param-name>
           <!-- <param-value>https://ulogin.utah.edu/cas</param-value>-->
            <param-value>https://guide.acs.utah.edu:9932/cas</param-value>
        </init-param>
        <init-param>
            <param-name>service</param-name>
            
<!--<param-value>http://dev.acs.utah.edu/uofu/stu/GraduateTracking</param-value>-->
            
<param-value>https://guide.acs.utah.edu:9932/uofu/stu/GraduateTracking</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <!--<param-value>http://dev.acs.utah.edu</param-value>-->
            <param-value>https://guide.acs.utah.edu:9932</param-value>
        </init-param>
        <!--<init-param>
            <param-name>useSession</param-name>
            <param-value>false</param-value>
        </init-param>-->
        <!--<init-param>
            <param-name>renew</param-name>
            <param-value>true</param-value>
        </init-param>-->
    </filter>


    <filter>
        <filter-name>CAS Wrapper Filter</filter-name>
        
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>

Bryan Wooten

[email protected]
Work: 801.585.9323
Cell: 801.414.3593

From: Scott Battaglia [mailto:[email protected]]
Sent: Tuesday, July 06, 2010 12:52 PM
To: [email protected]
Subject: Re: [cas-user] More on my logout troubles

Are your clients protected with the Java client?  If so, make sure the filters 
are ordered correctly (if they are in the wrong order, the auth. request can 
kick off before the sign out request).

On Tue, Jul 6, 2010 at 2:41 PM, Bryan Wooten 
<[email protected]<mailto:[email protected]>> wrote:
So after much debugging I have come to the conclusion that there is some wrong 
with both Sun App servers (our proxy) and Glassfish.

I wrote a simple test application using HttpClient that does a post to my 
CASified application with a fake logout request. All I get back are 301s or 
302s.  I get the 302s when the 2 apps are on the glassfish instance and the 
301s when the CASified app is behind our proxy.

What is weird is that we use HttpClient to POST to our PeopleSoft Weblogic 
servers successfully. Also we have many apps that do forms posts (JSF pages) 
that successfully make it through the proxy.

I am at a loss to explain this behavior. Not having much luck with google, so I 
guess I'll have to post a question on the glassfish forums.

Thanks everyone for your help.

Bryan Wooten

[email protected]<mailto:[email protected]>
Work: 801.585.9323
Cell: 801.414.3593


--

You are currently subscribed to 
[email protected]<mailto:[email protected]> as: 
[email protected]<mailto:[email protected]>







To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user


--

You are currently subscribed to [email protected] as: 
[email protected]

To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to