Good to know, Farzan. At least we haven't hit a super-weird corner case.
Maybe somebody out there can help us both!

 

Eric Stein

 

From: Farzan Qureshi [mailto:[email protected]] 
Sent: Thursday, December 27, 2012 5:46 PM
To: [email protected]
Subject: RE: [cas-user] CAS 3.5.1: Having trouble with Sign-Out

 

Hi Eric,

I confirm that I am also facing the same issue. It looks like when we
log out, it does not destroy the cookie/session in the browser, though
it is destroyed on CAS. I can access the resource without
authenticating again in the same browser window. Only if I close the
browser and access it again am I asked to provide credentials.

I am sorry I have no solution to offer but it is happening with us too.

Kind regards,

Farzan

On 28/12/2012 11:31 AM, "Stein, Eric" <[email protected]> wrote:

Thanks for helping, Gil!

 

Okay, I switched to SAML. I needed to do that anyway, so I'm glad to get
that out of the way. Unfortunately, I'm still seeing the issue. I'm
using Firefox 17.0.1. I log in to my hello-world webapp successfully. I
included this link in index.jsp:

 

        <a href="/authentication/logout" onClick="session.invalidate()">Log out</a>

 

When I click on the link, it takes me to the cas logoff screen and says
I have been logged out. However, when I return to /hello-world, I see
the JSP without needing to reauthenticate. I've attached the most recent
version of my web.xml file. If anybody has any thoughts, I'd really
appreciate it.

 

Thanks,

Eric Stein

 

From: Gil Victor Teixeira Pinto [mailto:[email protected]] 
Sent: Thursday, December 27, 2012 2:04 PM
To: [email protected]
Cc: [email protected]; [email protected]; Stein, Eric
Subject: Re: [cas-user] CAS 3.5.1: Having trouble with Sign-Out

 

Hi, 

The only difference that I have in my web.xml is the SAML:

    <!-- SSOut https://wiki.jasig.org/display/CASC/Configuring+Single+Sign+Out -->
    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
        <init-param>
            <param-name>artifactParameterName</param-name>
            <param-value>SAMLart</param-value>
        </init-param>
    </filter>


I also have SAML at:


    <!-- CAS -->
    <filter>
        <filter-name>CAS Authentication Filter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.Saml11AuthenticationFilter</filter-class>
        <!--
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        -->
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>https://server:8443/cas/login</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://server:8080</param-value>
        </init-param>
    </filter>

    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class>
        <!--
        <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
        -->
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>https://server:8443/cas</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://server:8080</param-value>
        </init-param>
        <init-param>
            <param-name>redirectAfterValidation</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>useSession</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>



On Wednesday, December 26, 2012 8:24:41 PM UTC-2, Stein, Eric wrote:

I've got Tomcat 7.0.25 running with CAS 3.5.1 and a trivial java webapp
with one JSP. I added a link from the page to /cas/logout. When I follow
the link, CAS tells me I've logged out successfully, but I can navigate
back to the page without needing to authenticate again. It looks like
tickets are still being granted. I'm also seeing this line in my client
webapp:

17:10:01.946 [http-bio-8080-exec-12] TRACE o.j.c.c.session.SingleSignOutFilter - Ignoring URI /hello-world/

Does anyone have any thoughts on what I might be doing wrong? Is there 
any documentation on sign out/single sign out that I'm missing? 

Thanks, 
Eric Stein 
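
[Added example, not part of any message in this thread.] The filters quoted above only take part in single sign-out when the rest of the client wiring is present, so this sketch checks a web.xml for the prerequisites the Jasig CAS Java client documents: the SingleSignOutFilter mapped ahead of the other filters, the SingleSignOutHttpSessionListener registered, and artifactParameterName=SAMLart when the SAML filters are used. The sample web.xml is constructed (the thread never shows its filter-mappings or listeners), and the check makes no claim about what the posters' actual files contained.

```python
import xml.etree.ElementTree as ET

SSO_FILTER = "org.jasig.cas.client.session.SingleSignOutFilter"
SSO_LISTENER = "org.jasig.cas.client.session.SingleSignOutHttpSessionListener"

def _local(tag):  # strip a '{namespace}' prefix if the file declares one
    return tag.rsplit("}", 1)[-1]

def _text(parent, name):  # text of the first direct child called `name`, or ''
    return next(((c.text or "").strip() for c in parent if _local(c.tag) == name), "")

def check_single_sign_out(web_xml):
    """Return findings about the single sign-out wiring in a web.xml string."""
    filters, mappings, listeners = {}, [], set()
    for el in ET.fromstring(web_xml):
        kind = _local(el.tag)
        if kind == "filter":
            params = {_text(p, "param-name"): _text(p, "param-value")
                      for p in el if _local(p.tag) == "init-param"}
            filters[_text(el, "filter-name")] = (_text(el, "filter-class"), params)
        elif kind == "filter-mapping":  # document order is the filter chain order
            mappings.append(_text(el, "filter-name"))
        elif kind == "listener":
            listeners.add(_text(el, "listener-class"))
    findings = []
    sso = [n for n, (cls, _) in filters.items() if cls == SSO_FILTER]
    if not sso:
        findings.append("SingleSignOutFilter is not declared")
    elif sso[0] not in mappings:  # declared but never applied to any URL
        findings.append("SingleSignOutFilter has no filter-mapping")
    elif mappings[0] != sso[0]:  # it must see requests before the CAS filters
        findings.append("SingleSignOutFilter is not the first mapped filter")
    uses_saml = any("Saml11" in cls for cls, _ in filters.values())
    if sso and uses_saml and filters[sso[0]][1].get("artifactParameterName") != "SAMLart":
        findings.append("SAML client without artifactParameterName=SAMLart")
    if SSO_LISTENER not in listeners:  # needed to drop sessions from the mapping
        findings.append("SingleSignOutHttpSessionListener is not registered")
    return findings

# Constructed sample: filters as quoted in the thread, mappings/listeners invented.
SAMPLE = f"""<web-app>
  <filter><filter-name>SSO</filter-name><filter-class>{SSO_FILTER}</filter-class>
    <init-param><param-name>artifactParameterName</param-name><param-value>SAMLart</param-value></init-param></filter>
  <filter><filter-name>Auth</filter-name>
    <filter-class>org.jasig.cas.client.authentication.Saml11AuthenticationFilter</filter-class></filter>
  <filter-mapping><filter-name>Auth</filter-name><url-pattern>/*</url-pattern></filter-mapping>
  <filter-mapping><filter-name>SSO</filter-name><url-pattern>/*</url-pattern></filter-mapping>
</web-app>"""

print("\n".join(check_single_sign_out(SAMPLE)))
```
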

-- 
You are currently subscribed to [email protected] as:
[email protected] 
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
