When logging out, it would be a responsibility of a client application to destroy its Session store (created by CAS client library) which caches authenticated Principals in it.
Dmitriy.

Sent from my iPhone

On Dec 27, 2012, at 17:45, Farzan Qureshi <[email protected]> wrote:

> Hi Eric,
>
> I confirm that I am also facing the same issue. It looks like that when we
> log out it does not destroy the cookie/session under the browser though it is
> destroyed on CAS. I can access the resource without authenticating again on
> the same browser window. Or in case I close the browser and access again
> only then I am asked to provide credentials.
>
> I am sorry I have no solution to offer but it is happening with us too.
>
> Kind regards,
>
> Farzan
>
> On 28/12/2012 11:31 AM, "Stein, Eric" <[email protected]> wrote:
>> Thanks for helping, Gil!
>>
>> Okay, I switched to SAML. I needed to do that anyway, so I'm glad to get
>> that out of the way. Unfortunately, I'm still seeing the issue. I'm using
>> Firefox 17.0.1. I log in to my hello-world webapp successfully. I included
>> this link in index.jsp:
>>
>> <a href="/authentication/logout" onClick="session.invalidate()">Log out</a>
>>
>> When I click on the link, it takes me to the cas logoff screen and says I
>> have been logged out. However, when I return to /hello-world, I see the JSP
>> without needing to reauthenticate. I've attached the most recent version of
>> my web.xml file. If anybody has any thoughts, I'd really appreciate it.
>>
>> Thanks,
>>
>> Eric Stein
>>
>> From: Gil Victor Teixeira Pinto [mailto:[email protected]]
>> Sent: Thursday, December 27, 2012 2:04 PM
>> To: [email protected]
>> Cc: [email protected]; [email protected]; Stein, Eric
>> Subject: Re: [cas-user] CAS 3.5.1: Having trouble with Sign-Out
>>
>> Hi,
>>
>> The only difference that I have in my web.xml is the SAML:
>>
>> <!-- SSOut https://wiki.jasig.org/display/CASC/Configuring+Single+Sign+Out -->
>> <filter>
>>   <filter-name>CAS Single Sign Out Filter</filter-name>
>>   <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
>>   <init-param>
>>     <param-name>artifactParameterName</param-name>
>>     <param-value>SAMLart</param-value>
>>   </init-param>
>> </filter>
>>
>> I've also SAML at:
>>
>> <!-- CAS -->
>> <filter>
>>   <filter-name>CAS Authentication Filter</filter-name>
>>   <filter-class>org.jasig.cas.client.authentication.Saml11AuthenticationFilter</filter-class>
>>   <!--
>>   <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
>>   -->
>>   <init-param>
>>     <param-name>casServerLoginUrl</param-name>
>>     <param-value>https://server:8443/cas/login</param-value>
>>   </init-param>
>>   <init-param>
>>     <param-name>serverName</param-name>
>>     <param-value>http://server:8080</param-value>
>>   </init-param>
>> </filter>
>>
>> <filter>
>>   <filter-name>CAS Validation Filter</filter-name>
>>   <filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class>
>>   <!--
>>   <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
>>   -->
>>   <init-param>
>>     <param-name>casServerUrlPrefix</param-name>
>>     <param-value>https://server:8443/cas</param-value>
>>   </init-param>
>>   <init-param>
>>     <param-name>serverName</param-name>
>>     <param-value>http://server:8080</param-value>
>>   </init-param>
>>   <init-param>
>>     <param-name>redirectAfterValidation</param-name>
>>     <param-value>true</param-value>
>>   </init-param>
>>   <init-param>
>>     <param-name>useSession</param-name>
>>     <param-value>true</param-value>
>>   </init-param>
>> </filter>
>>
>> On Wednesday, December 26, 2012 8:24:41 PM UTC-2, Stein, Eric wrote:
>>
>> I've got Tomcat 7.0.25 running with CAS 3.5.1 and a trivial java webapp
>> with one JSP. I added a link from the page to /cas/logout. When I follow
>> the link, CAS tells me I've logged out successfully, but I can navigate
>> back to the page without needing to authenticate again. It looks like
>> tickets are still being granted. I'm also seeing this line in my client
>> webapp:
>>
>> 17:10:01.946 [http-bio-8080-exec-12] TRACE o.j.c.c.session.SingleSignOutFilter - Ignoring URI /hello-world/
>>
>> Does anyone have any thoughts on what I might be doing wrong? Is there
>> any documentation on sign out/single sign out that I'm missing?
>>
>> Thanks,
>> Eric Stein
>>
>> --
>> You are currently subscribed to [email protected] as:
>> [email protected]
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
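
The client-side cleanup described at the top of this thread, as an added example that is not part of the original messages or of the CAS client library: a servlet in the client webapp that invalidates the local HttpSession and only then redirects to CAS logout. The servlet name, its /logout mapping and the CAS logout URL (the quoted casServerUrlPrefix plus /logout) are assumptions. An onClick handler runs as JavaScript in the browser and cannot reach the server-side HttpSession, so the invalidation has to happen in server code like this.

```java
import java.io.IOException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet for the client webapp (Servlet 3.0, e.g. Tomcat 7).
// Link to <context>/logout instead of linking straight to /cas/logout.
@WebServlet("/logout")
public class LocalLogoutServlet extends HttpServlet {

    // Assumption: casServerUrlPrefix from the quoted web.xml plus /logout.
    private static final String CAS_LOGOUT_URL = "https://server:8443/cas/logout";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // 1. Destroy the local session. With useSession=true the CAS client
        //    filters keep the validated assertion in the HttpSession, so as
        //    long as that session lives the user is not asked to log in again.
        //    getSession(false) avoids creating a session just to discard it.
        HttpSession session = req.getSession(false);
        if (session != null) {
            session.invalidate();
        }

        // 2. Keep the browser from caching this response.
        resp.setHeader("Cache-Control", "no-store");

        // 3. End the single sign-on session on the CAS server.
        resp.sendRedirect(CAS_LOGOUT_URL);
    }
}
```

If the CAS authentication filter is mapped to /*, this servlet's URL needs to be reachable by a user whose local session has already expired, otherwise the request is redirected to the login page before the logout redirect happens.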
