Misagh,
I stuck a filter in my cas server to intercept calls to /logout and
call
httpRequest.getSession().invalidate();
chain.doFilter(httpRequest, response);
I'm still seeing the same issue. Did you have any other thoughts?
Thanks,
Eric Stein
From: Misagh Moayyed [mailto:[email protected]]
Sent: Friday, December 28, 2012 11:01 AM
To: [email protected]
Subject: RE: [cas-user] CAS 3.5.1: Having trouble with Sign-Out
"session.invalidate()" in the manner that you have it is not going to
destroy your session. Likely, that produces a JS error. I believe you'd
have to carry that out through a little bit of Java code.
1. You link could submit the request to a LogOutServlet which destroys
the session and redirects to /cas/logout.
2. You link could redirect to another jsp page which would include the
bit <% session.invalidate(); %> in it and would then redirect to
/cas/logout
3. You could potentially investigate the issue in CAS server logs to
see what SLO callbacks aren't coming in, if CAS is configured to issue
those, in which case you wouldn't need 1 or 2 and a simple redirect to
/cas/logout would suffice.
HTH.
-Misagh
From: Stein, Eric [mailto:[email protected]]
Sent: Friday, December 28, 2012 8:16 AM
To: [email protected]
Subject: RE: [cas-user] CAS 3.5.1: Having trouble with Sign-Out
I didn't see anything relevant, but maybe somebody else can? I included
a clean log sample that includes:
0. Start up tomcat with CAS and hello-world running.
1. Visit hello-world - intercepted and authentication via CAS first.
2. Click this link on index.jsp:
<a href="/authentication/logout"
onClick="session.invalidate()">Log out</a>
3. visit hello-world - *not* intercepted.
My browser was Firefox 17.0.1. /authentication is my CAS overlay.
Thanks so much for your time!
Eric Stein
From: Scott Battaglia [mailto:[email protected]]
Sent: Friday, December 28, 2012 9:36 AM
To: [email protected]
Subject: RE: [cas-user] CAS 3.5.1: Having trouble with Sign-Out
Were there any other messages in the logs?
On Dec 28, 2012 9:24 AM, "Stein, Eric" <[email protected]> wrote:
Ok, that makes sense. Thanks for explaining that, Scott.
Eric Stein
From: Scott Battaglia [mailto:[email protected]]
Sent: Friday, December 28, 2012 12:23 AM
To: [email protected]
Subject: Re: [cas-user] CAS 3.5.1: Having trouble with Sign-Out
That message gets written out (at trace level) whenever a URI does not
have the logout request or an authentication token (so basically every
page besides the logout request and the initial redirect back from CAS).
On Wed, Dec 26, 2012 at 5:24 PM, Stein, Eric <[email protected]>
wrote:
I've got Tomcat 7.0.25 running with CAS 3.5.1 and a trivial java webapp
with one JSP. I added a link from the page to /cas/logout. When I follow
the link, CAS tells me I've logged out successfully, but I can navigate
back to the page without needing to authenticate again. It looks like
tickets are still being granted. I'm also seeing this line in my client
webapp:
17:10:01.946 [http-bio-8080-exec-12] TRACE
o.j.c.c.session.SingleSignOutFilter - Ignoring URI /hello-world/
Does anyone have any thoughts on what I might be doing wrong? Is there
any documentation on sign out/single sign out that I'm missing?
Thanks,
Eric Stein
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
