|
Steve, I think that you must be using the complete cas.war rather than just cas-server-core-3.1.jar, but that's beside the point. While I don't think that this will solve your problem, I know from experience that SSOut in CAS 3.1 is broken. The Single Sign Out filter will throw an exception parsing the SSOut message because of this bug: http://www.ja-sig.org/issues/browse/CAS-570. So, you'll need CAS 3.1.1 at minimum. If you get 3.2, you will experience another bug in SSOut (http://www.ja-sig.org/issues/browse/CAS-625), so you should get 3.2.1-RC1, which contains a fix. Neither of these explains why you are not seeing the SSOut POST, though. :-( Adam Steve Podell wrote: CAS is working great for our webapps. I need to add single signout to our setup to do some cleanup in the soon to be invalidated sessions on logout. So I added the Single Sign out filter and listener as described here... http://www.ja-sig.org/wiki/display/CASC/Configuring+Single+Sign+OutI am using cas-server-core-3.1.jar When I set a debugger breakpoint in org.jasig.cas.client.session.SingleSignOutFilter, I can see requests coming through, but I never see a POST, so the request parameter "logoutRequest" is not acted on. I also don't see the artifactParameterName/"ticket" parameter coming through either, so the the session references are not being cached. The wiki page http://www.ja-sig.org/wiki/display/CASUM/Single+Sign+Out mentions an ArgumentExtractor property called disableSingleSignOut, but I don't see where you would set it (and have not set it). When I watch the requests on a http analyzer on my PC, there is an early POST on the login to cas that does contain the ticket on the response. But a client side filter would not see the response...? - Process : firefox.exe[2748] (COUNT=25) 8 13:03:14:453 0.264 s POST 302 0 text/plain https:///iii/cas/login;jsessionid=3C16428223AD4231E9079B8B50804C19?service=https%3A%2F%2Fmtdemo.iii.com%3A443%2Fiii%2Fmfrpro%2Fj_acegi_cas_security_check https://mtdemo.iii.com:443/iii/mfrpro/j_acegi_cas_security_check?ticket=ST-5-SfMWDEiDcVLVoLxsaEbYfcT3ZXTupEvGHHB-20 So some basic questions: 1) This filter is client side cache of tickets and sessions? 2) I should be seeing logoutRequest POSTs to the webapp so that the CAS client code can cache the tickets? 3) I should be seeing POSTs with "ticket" as a request parameter? 4) This feature is in cas-server-core-3.1? 5) The feature defaults to "on"? The ArgumentExtractor properties are already set up? _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas |
begin:vcard fn:Adam Rybicki n:Rybicki;Adam org:Unicon, Inc.;Professional Services adr:Suite 113;;3140 North Arizona Avenue;Chandler;AZ;85225;United States email;internet:[EMAIL PROTECTED] tel;work:+1-480-558-2400 tel;home:+1-310-265-8286 tel;cell:+1-310-980-2758 x-mozilla-html:FALSE url:http://www.unicon.net/ version:2.1 end:vcard
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
