Please have a look at the documentation [1] how to handle logout
requests. Using the gateway feature _does_ work with the logout request.
As far as i can tell from your code snippet you are missing the
phpCAS::handleLogoutRequests();
that would handle the incoming logout request.
Aside from that you can try using the phpCAS::renewAuthentication()
function that will reauthenticate your phpcas session with a new ticket
from the cas server.
The function phpCAS::setCacheTimesForAuthRecheck(0) you are using only
"works" for non authenticated users. It's used to set how often a
gatewayed page will recheck for an existing CAS session for an anonymous
user.
Best Regards,
Joachim
[1]
https://wiki.jasig.org/display/CASC/phpCAS+examples#phpCASexamples-HandlelogoutrequestsfromtheCASserver
Am 14.11.2010 03:10, schrieb Matthew Selwood:
I meant to include the snippet of my code performing the gateway:
//initialize the CAS library require_once('CAS.php'); $CASAUTH = array(
"version" => "2.0", "proxy" => FALSE, "server" => "abc.com", "port" =>
8444, "uri" => "/cas", "start_session" => TRUE );
phpCAS::client($CASAUTH["version"], $CASAUTH["server"],
$CASAUTH["port"], $CASAUTH["uri"], $CASAUTH["start_session"]); // no SSL
validation for the CAS server phpCAS::setNoCasServerValidation();
phpCAS::setCacheTimesForAuthRecheck(0); $auth =
phpCAS::checkAuthentication();
echo "authenticated: ".$auth; echo "phpCAS user:
".$_SESSION['phpCAS']['user'];
I’m always getting user A in my echo statement.
Thanks again,
Matt
On 11/13/10 5:47 PM, "Matthew Selwood" <[email protected]> wrote:
Hello all,
I’m having an issue using the gateway feature with phpCAS.
Here’s my scenario:
1. User A logs in to CAS and then goes to website abc.com which
is gateway’ing using phpCAS. PhpCAS stores the user as ‘A’ in
$_SESSION[‘phpCAS’][‘user’].
2. User A now logs out of CAS. Note: no logout request is sent to
abc.com because it was using the gateway feature.
3. On the same computer, user B logs in to CAS and then goes to
website abc.com.
4. Website abc.com doesn’t gateway back to CAS, because it still
has the $_SESSION[‘phpCAS’][‘user’] set to ‘A’.
PhpCAS on website abc.com thinks user B is user A.
How do you clear the session between each phpCAS gateway? Is the
only way to get around such an issue to gateway against the CAS
server each visit to website abc.com?
Thanks,
Matt
-------------------------------
Matthew Selwood
Web and Identity Services Developer – Web Services
University of Victoria
250.472.5565 | [email protected]_ <_mailto:[email protected]_> | CLE C006
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
