Hi Scott,
I will go with 3.2.1. for workable Single Sign Out. Do you have a
idea about how long it will be before 3.2.1 gets labeled "stable"?
Thanks,
Steve
Scott Battaglia wrote:
>
>
> On Thu, Apr 3, 2008 at 5:40 PM, Steve Podell <[EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]>> wrote:
>
> CAS is working great for our webapps. I need to add single signout to
> our setup to do some cleanup in the soon to be invalidated sessions on
> logout. So I added the Single Sign out filter and listener as
> described
> here...
> http://www.ja-sig.org/wiki/display/CASC/Configuring+Single+Sign+Out
>
> I am using cas-server-core-3.1.jar
>
> When I set a debugger breakpoint in
> org.jasig.cas.client.session.SingleSignOutFilter, I can see requests
> coming through, but I never see a POST, so the request parameter
> "logoutRequest" is not acted on. I also don't see the
> artifactParameterName/"ticket" parameter coming through either, so the
> the session references are not being cached.
>
> The wiki page
> http://www.ja-sig.org/wiki/display/CASUM/Single+Sign+Out
> mentions an ArgumentExtractor property called
> disableSingleSignOut, but
> I don't see where you would set it (and have not set it).
>
> When I watch the requests on a http analyzer on my PC, there is an
> early
> POST on the login to cas that does contain the ticket on the response.
> But a client side filter would not see the response...?
>
> - Process : firefox.exe[2748]
> (COUNT=25)
>
> 8 13:03:14:453 0.264 s POST 302 0 text/plain
>
> https:///iii/cas/login;jsessionid=3C16428223AD4231E9079B8B50804C19?service=https%3A%2F%2Fmtdemo.iii.com%3A443%2Fiii%2Fmfrpro%2Fj_acegi_cas_security_check
>
>
> https://mtdemo.iii.com:443/iii/mfrpro/j_acegi_cas_security_check?ticket=ST-5-SfMWDEiDcVLVoLxsaEbYfcT3ZXTupEvGHHB-20
>
> So some basic questions:
> 1) This filter is client side cache of tickets and sessions?
>
> The filter is a client side filter so it should be set on the
> applications.
>
>
> 2) I should be seeing logoutRequest POSTs to the webapp so that
> the CAS
> client code can cache the tickets?
>
> You'll only see the POST when you actually log out of CAS.
>
>
> 3) I should be seeing POSTs with "ticket" as a request parameter?
>
> No you should only be seeing GETs with tickets.
>
>
> 4) This feature is in cas-server-core-3.1?
>
> Your best bet is to use CAS Server 3.2.1 for Single Sign Out.
>
>
> 5) The feature defaults to "on"? The ArgumentExtractor properties are
> already set up?
>
> In CAS 3.2.1 it defaults to on. 3.2 had an accidental bug flipping a
> ! so it was defaulted to off, but appeared to be on.
>
> -Scott
>
>
> _______________________________________________
> Yale CAS mailing list
> [email protected] <mailto:[email protected]>
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
>
>
> --
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
