Hi, It means that your application is protected by basic auth, isn't it ? Thus protected by CAS and a basic auth at the same time... In any case, the component responsible for calling applications for logout is the HttpClient class [1]. In CAS 4.0, HttpClient is no more a class, but an interface implemented by default with SimpleHttpClient [2]. The method called for logout is : sendMessageToEndPoint [3]. Best regards, Jérôme
[1] : https://github.com/Jasig/cas/blob/3.5.x/cas-server-core/src/main/java/org/jasig/cas/util/HttpClient.java [2] : https://github.com/Jasig/cas/blob/master/cas-server-core/src/main/java/org/jasig/cas/util/SimpleHttpClient.java [3] : https://github.com/Jasig/cas/blob/3.5.x/cas-server-core/src/main/java/org/jasig/cas/authentication/principal/AbstractWebApplicationService.java#L164<https://github.com/Jasig/cas/blob/3.5.x/cas-server-core/src/main/java/org/jasig/cas/authentication/principal/AbstractWebApplicationService.java#L148> 2013/9/19 xie <[email protected]> > CAS server issues single sign out callbacks request to a CAS client via > POST. But the client demands this callback should be sent with basic > authentication, namely an additional Header in this callback request: > > Authorization: Basic <base64 encoded credential> > > Best regards, > Xie > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
