If you're using Tomcat, you won't see them unless you enable its access log writing.
Essentially what should happen is that when you log out of CAS it will send an HTTP POST to each application's service url indicating they should destroy the session. -Scott ---------- Forwarded message ---------- From: tedzo <[EMAIL PROTECTED]> Date: Mon, Apr 7, 2008 at 8:12 PM Subject: Re: SingleSignout Problems To: Yale CAS mailing list <[email protected]> Thanks for your response. I don't see any POST. But maybe I am not looking at the right place? I tried catalina.out on the windowsXP setup where I am testing. Should I look elsewhere? Thanks for your time. ----- Original Message ---- From: Scott Battaglia <[EMAIL PROTECTED]> To: Yale CAS mailing list <[email protected]> Sent: Monday, April 7, 2008 1:43:54 PM Subject: Re: SingleSignout Problems Are you seeing POST calls in your Apache logs to the service url? That would indicate whether CAS is sending the Single Sign Out message or not. -Scott On Mon, Apr 7, 2008 at 3:06 PM, tedzo <[EMAIL PROTECTED]> wrote: > I renamed the subject line to better describe the question. > > I looked through a document pointed to by another poster (Adam)- > http://www.ja-sig.org/wiki/display/CASUM/Single+Sign+Out. This document > talks about "a callback to each of the services that are registered..." > Where/How do I register? As of now I have- > 1. Added the SingleSignOut filter to the web.xml of each webapp (before > the other 3 filters- Authentication, Validation, Wrapper). > 2. Added the HttpSessionListener to each webapp's web.xml (before all the > filters are defined). > 3. I redirect the user to https://<server>:8443/cas/logout during logout. > > Do I need to register for the callback explicitly? I am not sure even if > the SignOutFilter is being invoked because if I don't call > session.invalidate() before redirecting to /cas/logout, the session > continues to be valid. I am missing something here. What is it? > > Thanks for your time. > > ----- Original Message ---- > From: tedzo <[EMAIL PROTECTED]> > To: Yale CAS mailing list <[email protected]> > Sent: Sunday, April 6, 2008 10:48:31 PM > Subject: Re: How to get the username (netID)? > > Ok, so I am looking at the SingleSignOutFilter and > SingleSignOutHttpSessionListener and these are per webapp (i.e, defined in > every webapp's web.xml). Also, the code indicates that the filter > invalidates the session in the webapp where the user attempted to logout. > So, I am not sure I understand how this can cause the same user's sessions > in other webapps to also be destroyed. In short, how can this work? > > I am guessing I don't understand how a HttpSessionListener works... > > Thanks. > > ----- Original Message ---- > From: tedzo <[EMAIL PROTECTED]> > To: Yale CAS mailing list <[email protected]> > Sent: Sunday, April 6, 2008 9:53:37 PM > Subject: Re: How to get the username (netID)? > > Scott, > Thank you for your response. > > Actually, it turned out that I needed to include the other filters too > (not just the authentication filter, unlike the Yale Client I was used to). > After I included the ValidationFilter, it worked just fine. > > I have now included the SingleZSignoutFilter and the SessionListener in > order to get SingleSignout working and its not? I added the filter and > listener to web.xml of 2 webapps. I invalidate the session and redirect to > /cas/logout when the user chooses to logout in one of the webapps. The > logout page displays. I assumed at this point that I would be logged out of > the other webapp too. Thats not hapenning. What am I missing? (I admit, I > haven't yet searched the archives for mails detailing similar problems...) > > Thanks for your time. > > Av. > > ----- Original Message ---- > From: Scott Battaglia <[EMAIL PROTECTED]> > To: Yale CAS mailing list <[email protected]> > Sent: Sunday, April 6, 2008 6:27:01 PM > Subject: Re: How to get the username (netID)? > > Hi, > > What order are your filters in? Our wiki page (which I think you were > looking at) shows the order they should appear in. If they're in that > order, they should work. At least we haven't noticed any problems so far > :-) > > -Scott > > On Sat, Apr 5, 2008 at 2:01 PM, tedzo <[EMAIL PROTECTED]> wrote: > > > Thank you Calcutta for your response. > > > > After reading the document a bit more I too realized that I would need > > the HttpServletRequestWrapper. So, I added that. However I am hitting a > > weird NullPointerException when I try to get the RemoteUser- Apparantly, > > getUserPrincipal() is null within HttpServletRequestWrapperFilter. > > > > I am not sure what the cause of that would be. Is there an issue with > > the SSL certificate or something? I was successfully using server 3.06 and > > Yale client 2.1.1 on this machine and I replaced both with newer versions > > (3.1.2 and 3.1.1 client). So, I assumed everything should just start > > working... > > > > Exception Status Code : 500 > > Resource : /DXX/login.jsp > > Error : org.apache.jasper.JasperException: An exception occurred > > processing JSP > > page /login.jsp at line 85 > > > > 82: System.out.println("2222*****************"); > > 83: String ticket = request.getParameter("ticket"); > > 84: System.out.println("3333*****************"); > > 85: String user = request.getRemoteUser(); > > 86: System.out.println("4444*****************"); > > 87: int ec = -1; > > 88: > > > > > > Stacktrace: > > > > org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper > > .java:524) > > > > org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:435) > > org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:320) > > org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266) > > javax.servlet.http.HttpServlet.service(HttpServlet.java:803) > > root cause: [java.lang.NullPointerException] :: null > > > > org.jasig.cas.client.util.HttpServletRequestWrapperFilter$CasHttpServletRequestW > > rapper.getRemoteUser(HttpServletRequestWrapperFilter.java:80) > > org.apache.jsp.login_jsp._jspService(login_jsp.java:1098) > > org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) > > javax.servlet.http.HttpServlet.service(HttpServlet.java:803) > > > > org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:393) > > > > GET Query : > > rdir=%2FDXX%2Fmain.jsp%3Bjsessionid%3D10FA876D949F2C47D450E6055A2DB8 > > > > 79%3Fticket%3DST-1-bL1W1fQcus4ak3PDc9wi&error=7&ticket=ST-2-c5icFZJZe0LMbAaOATNc > > > > > > 2008-04-05 10:42:38,428 DEBUG [http-8080-2] > > authentication.AuthenticationFilter: > > 81 - no ticket and no assertion found > > 2008-04-05 10:42:38,428 DEBUG [http-8080-2] util.CommonUtils :195 - > > serviceU > > rl generated: > > http://ani.dxx.com:8080/DXX/login.jsp?rdir=%2FDXX%2FW<http://ani.dxx.com:8080/DMM/login.jsp?rdir=%2FDMM%2FW> > > > > EB-INF%2Fapplication%2Ferror%2Fexception.jsp%3Frdir%3D%252FDXX%252Fmain.jsp%253B > > > > jsessionid%253D10FA876D949F2C47D450E6055A2DB879%253Fticket%253DST-1-bL1W1fQcus4a > > > > Thank you for your time. > > > > > > ----- Original Message ---- > > From: Oh Calcutta <[EMAIL PROTECTED]> > > To: Yale CAS mailing list <[email protected]> > > Sent: Friday, April 4, 2008 11:42:35 PM > > Subject: Re: How to get the username (netID)? > > > > > > - If you enable HttpServletRequestWrapper filter, then you can do a > > simple request.getRemoteUser() to get the NetId. > > > > > > tedzo wrote: > > > > Some progress in my quest to use JA-SIG client 3.1.1 and eventually the > > SingleSignOutFilter... > > I am trying to get a hold of the username (netId) but have been unable > > to. It seems that I should be able to get to it using > > session.getAttribute("_const_cas_assertion_") from my jsp. But that doesn't > > seem to work. > > > > What am I missing? > > > > Thanks. > > > > > > ----- Original Message ---- > > From: tedzo <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> > > To: Yale CAS mailing list <[email protected]> <[email protected]> > > Sent: Friday, April 4, 2008 10:48:29 PM > > Subject: Re: Which version of cas to use for SingleSignOut feature? > > > > Ok, I found > > > > http://www.ja-sig.org/wiki/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+in+the+web.xml > > > > That document describes 6 different filters (AuthenticationFilter, > > HttpServletRequestWrapper and so on). I am not sure if I need to configure > > all the filters or can I get away with just the AuthenticationFilter? In the > > Yale version I configured just the one filter (CASFilter) for > > authentication. > > > > Any pointers? > > > > Thanks. > > > > ----- Original Message ---- > > From: tedzo <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> > > To: Yale CAS mailing list <[email protected]> <[email protected]> > > Sent: Friday, April 4, 2008 10:22:55 PM > > Subject: Re: Which version of cas to use for SingleSignOut feature? > > > > That will be a problem :( I guess I will have to move to the newer > > versions. > > > > Is using JA-SIG Java client similar to using the Yale Client? I was > > looking for a tutorial of some sort that explains configuring/using the > > JA-SIG Java Client and didn't find any. This doesn't seem to work > > http://www.ja-sig.org/products/cas/client/client-java/index.html. > > > > I am seeing references to cas-client.properites etc and I am not sure > > how to proceed. > > For the Yale Java client, I just added the filter info in web.xml and I > > was off and running.... > > > > Your help is appreciated. > > > > Thanks. > > > > ----- Original Message ---- > > From: Adam Rybicki <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> > > To: Yale CAS mailing list <[email protected]> <[email protected]> > > Sent: Friday, April 4, 2008 4:38:01 PM > > Subject: Re: Which version of cas to use for SingleSignOut feature? > > > > Hi, > > > > The versions you are using do not support SSOut. You need CAS Server > > 3.1.1 or 3.1.2 if you must use a "release" version or 3.2.1-RC1 if you are > > OK with using a "release candidate" version. > > > > Yale CAS client does not support SSOut, but perhaps someone will > > contribute it. The JA-SIG CAS Client version 3.1.1 supports SSOut, and > > that's the latest version available. > > > > The earliest versions that should correctly support SSOut are 3.1.1 for > > CAS Server and 3.1 for JA-SIG CAS Client. > > > > Adam > > > > tedzo wrote: > > > > Hello all, > > I am trying to find out which versions of cas server and cas java client > > I need to use in order to be able to use the SingleSignOut feature. I > > currently have cas server 3.0.6 and Yale client 2.1.1. > > > > - Does it matter which version of client I use? > > - What are the earliest versions that support the said feature? > > > > Thanks. > > > > ------------------------------ > > You rock. That's why Blockbuster's offering you one month of Blockbuster > > Total > > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > > No Cost. > > > > ------------------------------ > > > > _______________________________________________ > > Yale CAS mailing list > > [email protected] > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > > > > ------------------------------ > > You rock. That's why Blockbuster's offering you one month of Blockbuster > > Total > > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > > No Cost. > > > > > > ------------------------------ > > You rock. That's why Blockbuster's offering you one month of Blockbuster > > Total > > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > > No Cost. > > > > > > ------------------------------ > > You rock. That's why Blockbuster's offering you one month of Blockbuster > > Total > > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > > No Cost. > > > > ------------------------------ > > > > _______________________________________________ > > Yale CAS mailing list > > [email protected] > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > > > > > > ------------------------------ > > You rock. That's why Blockbuster's offering you one month of Blockbuster > > Total > > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > > No Cost. > > > > _______________________________________________ > > Yale CAS mailing list > > [email protected] > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > -- > -Scott Battaglia > PGP Public Key Id: 0x383733AA > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > ------------------------------ > You rock. That's why Blockbuster's offering you one month of Blockbuster > Total > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > No Cost. > > > ------------------------------ > You rock. That's why Blockbuster's offering you one month of Blockbuster > Total > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > No Cost. > > > ------------------------------ > You rock. That's why Blockbuster's offering you one month of Blockbuster > Total > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > No Cost. > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > -- -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia ------------------------------ You rock. That's why Blockbuster's offering you one month of Blockbuster Total Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, No Cost. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas -- -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
