Re: CAS Global Logout help

Tue, 26 Feb 2008 23:42:41 -0800 

On Wed, 2008-02-27 at 12:36 +0530, lalitanand dandge wrote:
> Hi all,
> I have CAS (3.1) Server running, and three PHP clients those can
> contact to CAS for authentication.
> The Single Sign On works fine for those applications (Drupal, moodle,
> mediawiki).
> I have problem with the logout, I want to configure the application
> and the CAS server for global logout, but I am unable to find 
> good documentation (user manual) to do that. 
> So can anybody help me give steps what i need to do to get it done.
> (what configuration, which files to edit etc.)
> 

For single logout the cas server will send a POST request to the PHP
clients, cotaining the initial service ticket ST-NNN-... issued to the
client. So the trick is

1) on session initiation: register somewhere this service ticket
associated with the php session_id() (a session variable could do the
job)

2) on logout parse the POST request and delete the correspoding session

For instance my php clients start with these code:

  if ($_REQUEST['logoutRequest']) {

  session_write_close();


  ereg("<samlp:SessionIndex>(ST-[0-9]+-[^<]+)<\/samlp:SessionIndex>" ,
$_REQUEST['logoutRequest'] , &$regs);

 ---- code to delete the session  -----

    exit;
    }

I found really useful, for other reasons too , to save all session data
to a (postgres) db instead of files. So the code to delete the session
is really easy in my case:

   $query="DELETE from php_sessions WHERE
service_ticket='".$regs[1]."';";


Also associating the initial service ticket to a session is something
not complicated:

 if ($_REQUEST['ticket']) {
  $query = "update php_sessions set
service_ticket='".$_REQUEST['ticket']."' where
session_id='".session_id()."'
;"; 



Hope this helps. If somehone has done this with the standard PHP session
save handler, it would be useful to see how it can be done.


-- 
Enrico Cavalli
CILEA - via R. Sanzio 4, 20090 - Segrate (MI), Italy
phone: +39 02 26995.383 - fax: +39 02 2135520 - skype: enricocavalli
PGP Fingerprint: 3762 7B1B 743E 029C 8F94  8ADE BC4B 43A7 0485 30E5

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

Reply via email to