Hello Carl, Thank you for the prompt reply and information. That clarifies things – I misunderstood the difference between SSOut being supported by CAS but not necessarily by all CAS clients.
Thank you for sharing Twisted CAS Proxy – I will experiment with that as well. I like the approach. Thank you again and Happy Holidays! -Neil From: Carl Waldbieser [mailto:[email protected]] Sent: Monday, December 22, 2014 5:55 PM To: [email protected] Subject: Re: [cas-user] CAS Single Sign Out (Apache 2.2+mod_auth_cas 1.0.10) Neil, Under "known limitations" for MOD_AUTH_CAS ( https://github.com/Jasig/mod_auth_cas/blob/master/README), single sign out is not supported. If you can, integrating a CAS client into your web app that supports single sign out mat give you better results. If you still want to go the proxy route, I am working on a lightweight CAS authenting proxy that supports single log out: https://github.com/cwaldbieser/txcasproxy I have to warn you, though, I have only used it for experimenting and it has not been used in a production environment. Thanks, Carl Waldbieser On Dec 22, 2014 12:32 PM, "Neil Sabol" <[email protected]<mailto:[email protected]>> wrote: Good day CAS users, I hope this message finds you all well. Please advise me if this is not the correct forum to present a question like this (and accept my apologies). We are trying to setup CAS Single Sign OUT for several applications (and flat file websites) using Apache 2.2 with mod_auth_cas 1.0.10. CAS server version is 3.5. I’ve searched for a few days an cannot find a consistent description of this configuration and/or working example. Despite all of our efforts (I will outline below), calling the CAS logout URL does prevent login to new CAS protected services BUT mod_auth_cas services are still accessible until the browser window is closed (it appears that MOD_AUTH_CAS session cookie persists after logout). I suspect we are missing something easy but I’ve had no luck tracking it down. We have tried: • Setting CASSSOEnabled On in mod_auth_cas config • Using https vs http (with valid, signed certificates) on the services using mod_auth_cas • Confirmed that the CAS server can access the webserver running mod_auth_cas on port 443 • Using CAS v1 and CAS v2 I appreciate any guidance and assistance you are able to provide. Thank you in advance for your time and expertise. Neil Sabol Technical Support Analyst The University of New Mexico Information Technologies MSC02 1520 1 University of New Mexico Albuquerque, NM 87131 [email protected]<mailto:[email protected]> -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
