I don't recall seeing that specified in the CAS Protocol. I thought that the only back channel communication was for proxy ticket generation.
We are setup for proxy ticket generation and use so the applications aren't expecting back channel communication. Currently the servers are in completely different FW zones and http/https from the cas servers isn't allowed (thus the timeouts). The 500 error is coming from the dev environ where the servers are on the same zone, but the application isn't expecting the back channel comm and is erring out because it just redirects back to cas to authenticate... I missed it in the setup information. I see it now and will disable it for now. Thanks, Marvin! -John -----Original Message----- From: Marvin Addison [mailto:[email protected]] Sent: Wednesday, September 21, 2011 9:43 AM To: [email protected] Subject: Re: [cas-user] Error messages in cas log > Could anybody tell me why I am seeing these in my CAS log file? Those are back-channel single sign-out callbacks sent from the CAS server to the entry points of all services a user accessed during an SSO session. This is a fairly common occurrence, and completely innocuous, but you might investigate why you're getting 500 and socket timeouts from your client apps. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
