On Thu, Apr 3, 2008 at 5:40 PM, Steve Podell <[EMAIL PROTECTED]> wrote:
> CAS is working great for our webapps. I need to add single signout to > our setup to do some cleanup in the soon to be invalidated sessions on > logout. So I added the Single Sign out filter and listener as described > here... > http://www.ja-sig.org/wiki/display/CASC/Configuring+Single+Sign+Out > > I am using cas-server-core-3.1.jar > > When I set a debugger breakpoint in > org.jasig.cas.client.session.SingleSignOutFilter, I can see requests > coming through, but I never see a POST, so the request parameter > "logoutRequest" is not acted on. I also don't see the > artifactParameterName/"ticket" parameter coming through either, so the > the session references are not being cached. > > The wiki page > http://www.ja-sig.org/wiki/display/CASUM/Single+Sign+Out > mentions an ArgumentExtractor property called disableSingleSignOut, but > I don't see where you would set it (and have not set it). > > When I watch the requests on a http analyzer on my PC, there is an early > POST on the login to cas that does contain the ticket on the response. > But a client side filter would not see the response...? > > - Process : firefox.exe[2748] > (COUNT=25) > > 8 13:03:14:453 0.264 s POST 302 0 text/plain > https:// > /iii/cas/login;jsessionid=3C16428223AD4231E9079B8B50804C19?service=https%3A%2F%2Fmtdemo.iii.com%3A443%2Fiii%2Fmfrpro%2Fj_acegi_cas_security_check > > > https://mtdemo.iii.com:443/iii/mfrpro/j_acegi_cas_security_check?ticket=ST-5-SfMWDEiDcVLVoLxsaEbYfcT3ZXTupEvGHHB-20 > > So some basic questions: > 1) This filter is client side cache of tickets and sessions? The filter is a client side filter so it should be set on the applications. > > 2) I should be seeing logoutRequest POSTs to the webapp so that the CAS > client code can cache the tickets? You'll only see the POST when you actually log out of CAS. > > 3) I should be seeing POSTs with "ticket" as a request parameter? No you should only be seeing GETs with tickets. > > 4) This feature is in cas-server-core-3.1? Your best bet is to use CAS Server 3.2.1 for Single Sign Out. > > 5) The feature defaults to "on"? The ArgumentExtractor properties are > already set up? In CAS 3.2.1 it defaults to on. 3.2 had an accidental bug flipping a ! so it was defaulted to off, but appeared to be on. -Scott > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > -- -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
