Single Sign Out isn't going to do anything until your user goes to /cas/logout
-Scott On Mon, Apr 7, 2008 at 9:28 PM, tedzo <[EMAIL PROTECTED]> wrote: > I am not sure how to enable access log writing. I will look it up. > > I am not sure I understand what you mean when you say > "..it will send an HTTP POST to each application's service url indicating > they should destroy the session" > > Say > - I access /app1/page-1.jsp > - Then I access /app2/page2.jsp > - I hit logout from page2.jsp > > I am going to get a POST to /app1/page-1.jsp and /app2/page2.jsp? And > these apps are responsible for destroying the session? I thought the > SignOutFilter would take care of destroying the session... > > The only thing I see now are these (a few of them)- > > 2008-04-07 18:12:37,431 DEBUG [http-8080-3] > authentication.AuthenticationFilter > 99 - removing gateway attribute from session > > Nothing else from CAS. > > Ideas? > > Thank you for your time. > > ----- Original Message ---- > From: Scott Battaglia <[EMAIL PROTECTED]> > To: Yale CAS mailing list <[email protected]> > Sent: Monday, April 7, 2008 5:35:19 PM > Subject: Fwd: SingleSignout Problems > > If you're using Tomcat, you won't see them unless you enable its access > log writing. > > Essentially what should happen is that when you log out of CAS it will > send an HTTP POST to each application's service url indicating they should > destroy the session. > > -Scott > > ---------- Forwarded message ---------- > From: tedzo <[EMAIL PROTECTED]> > Date: Mon, Apr 7, 2008 at 8:12 PM > Subject: Re: SingleSignout Problems > To: Yale CAS mailing list <[email protected]> > > > Thanks for your response. > I don't see any POST. But maybe I am not looking at the right place? I > tried catalina.out on the windowsXP setup where I am testing. Should I look > elsewhere? > > Thanks for your time. > > ----- Original Message ---- > From: Scott Battaglia <[EMAIL PROTECTED]> > To: Yale CAS mailing list <[email protected]> > Sent: Monday, April 7, 2008 1:43:54 PM > Subject: Re: SingleSignout Problems > > Are you seeing POST calls in your Apache logs to the service url? That > would indicate whether CAS is sending the Single Sign Out message or not. > > -Scott > > On Mon, Apr 7, 2008 at 3:06 PM, tedzo <[EMAIL PROTECTED]> wrote: > > > I renamed the subject line to better describe the question. > > > > I looked through a document pointed to by another poster (Adam)- > > http://www.ja-sig.org/wiki/display/CASUM/Single+Sign+Out. This document > > talks about "a callback to each of the services that are registered..." > > Where/How do I register? As of now I have- > > 1. Added the SingleSignOut filter to the web.xml of each webapp (before > > the other 3 filters- Authentication, Validation, Wrapper). > > 2. Added the HttpSessionListener to each webapp's web.xml (before all > > the filters are defined). > > 3. I redirect the user to https://<server>:8443/cas/logout during > > logout. > > > > Do I need to register for the callback explicitly? I am not sure even if > > the SignOutFilter is being invoked because if I don't call > > session.invalidate() before redirecting to /cas/logout, the session > > continues to be valid. I am missing something here. What is it? > > > > Thanks for your time. > > > > ----- Original Message ---- > > From: tedzo <[EMAIL PROTECTED]> > > To: Yale CAS mailing list <[email protected]> > > Sent: Sunday, April 6, 2008 10:48:31 PM > > Subject: Re: How to get the username (netID)? > > > > Ok, so I am looking at the SingleSignOutFilter and > > SingleSignOutHttpSessionListener and these are per webapp (i.e, defined in > > every webapp's web.xml). Also, the code indicates that the filter > > invalidates the session in the webapp where the user attempted to logout. > > So, I am not sure I understand how this can cause the same user's sessions > > in other webapps to also be destroyed. In short, how can this work? > > > > I am guessing I don't understand how a HttpSessionListener works... > > > > Thanks. > > > > ----- Original Message ---- > > From: tedzo <[EMAIL PROTECTED]> > > To: Yale CAS mailing list <[email protected]> > > Sent: Sunday, April 6, 2008 9:53:37 PM > > Subject: Re: How to get the username (netID)? > > > > Scott, > > Thank you for your response. > > > > Actually, it turned out that I needed to include the other filters too > > (not just the authentication filter, unlike the Yale Client I was used to). > > After I included the ValidationFilter, it worked just fine. > > > > I have now included the SingleZSignoutFilter and the SessionListener in > > order to get SingleSignout working and its not? I added the filter and > > listener to web.xml of 2 webapps. I invalidate the session and redirect to > > /cas/logout when the user chooses to logout in one of the webapps. The > > logout page displays. I assumed at this point that I would be logged out of > > the other webapp too. Thats not hapenning. What am I missing? (I admit, I > > haven't yet searched the archives for mails detailing similar problems...) > > > > Thanks for your time. > > > > Av. > > > > ----- Original Message ---- > > From: Scott Battaglia <[EMAIL PROTECTED]> > > To: Yale CAS mailing list <[email protected]> > > Sent: Sunday, April 6, 2008 6:27:01 PM > > Subject: Re: How to get the username (netID)? > > > > Hi, > > > > What order are your filters in? Our wiki page (which I think you were > > looking at) shows the order they should appear in. If they're in that > > order, they should work. At least we haven't noticed any problems so far > > :-) > > > > -Scott > > > > On Sat, Apr 5, 2008 at 2:01 PM, tedzo <[EMAIL PROTECTED]> wrote: > > > > > Thank you Calcutta for your response. > > > > > > After reading the document a bit more I too realized that I would need > > > the HttpServletRequestWrapper. So, I added that. However I am hitting a > > > weird NullPointerException when I try to get the RemoteUser- Apparantly, > > > getUserPrincipal() is null within HttpServletRequestWrapperFilter. > > > > > > I am not sure what the cause of that would be. Is there an issue with > > > the SSL certificate or something? I was successfully using server 3.06 and > > > Yale client 2.1.1 on this machine and I replaced both with newer versions > > > (3.1.2 and 3.1.1 client). So, I assumed everything should just start > > > working... > > > > > > Exception Status Code : 500 > > > Resource : /DXX/login.jsp > > > Error : org.apache.jasper.JasperException: An exception occurred > > > processing JSP > > > page /login.jsp at line 85 > > > > > > 82: System.out.println("2222*****************"); > > > 83: String ticket = request.getParameter("ticket"); > > > 84: System.out.println("3333*****************"); > > > 85: String user = request.getRemoteUser(); > > > 86: System.out.println("4444*****************"); > > > 87: int ec = -1; > > > 88: > > > > > > > > > Stacktrace: > > > > > > org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper > > > .java:524) > > > > > > org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:435) > > > > > > org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:320) > > > org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266) > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:803) > > > root cause: [java.lang.NullPointerException] :: null > > > > > > org.jasig.cas.client.util.HttpServletRequestWrapperFilter$CasHttpServletRequestW > > > rapper.getRemoteUser(HttpServletRequestWrapperFilter.java:80) > > > org.apache.jsp.login_jsp._jspService(login_jsp.java:1098) > > > org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:803) > > > > > > org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:393) > > > > > > GET Query : > > > rdir=%2FDXX%2Fmain.jsp%3Bjsessionid%3D10FA876D949F2C47D450E6055A2DB8 > > > > > > 79%3Fticket%3DST-1-bL1W1fQcus4ak3PDc9wi&error=7&ticket=ST-2-c5icFZJZe0LMbAaOATNc > > > > > > > > > 2008-04-05 10:42:38,428 DEBUG [http-8080-2] > > > authentication.AuthenticationFilter: > > > 81 - no ticket and no assertion found > > > 2008-04-05 10:42:38,428 DEBUG [http-8080-2] util.CommonUtils :195 > > > - serviceU > > > rl generated: > > > http://ani.dxx.com:8080/DXX/login.jsp?rdir=%2FDXX%2FW<http://ani.dxx.com:8080/DMM/login.jsp?rdir=%2FDMM%2FW> > > > > > > EB-INF%2Fapplication%2Ferror%2Fexception.jsp%3Frdir%3D%252FDXX%252Fmain.jsp%253B > > > > > > jsessionid%253D10FA876D949F2C47D450E6055A2DB879%253Fticket%253DST-1-bL1W1fQcus4a > > > > > > Thank you for your time. > > > > > > > > > ----- Original Message ---- > > > From: Oh Calcutta <[EMAIL PROTECTED]> > > > To: Yale CAS mailing list <[email protected]> > > > Sent: Friday, April 4, 2008 11:42:35 PM > > > Subject: Re: How to get the username (netID)? > > > > > > > > > - If you enable HttpServletRequestWrapper filter, then you can do a > > > simple request.getRemoteUser() to get the NetId. > > > > > > > > > tedzo wrote: > > > > > > Some progress in my quest to use JA-SIG client 3.1.1 and eventually > > > the SingleSignOutFilter... > > > I am trying to get a hold of the username (netId) but have been unable > > > to. It seems that I should be able to get to it using > > > session.getAttribute("_const_cas_assertion_") from my jsp. But that > > > doesn't > > > seem to work. > > > > > > What am I missing? > > > > > > Thanks. > > > > > > > > > ----- Original Message ---- > > > From: tedzo <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> > > > To: Yale CAS mailing list <[email protected]> <[email protected]> > > > Sent: Friday, April 4, 2008 10:48:29 PM > > > Subject: Re: Which version of cas to use for SingleSignOut feature? > > > > > > Ok, I found > > > > > > http://www.ja-sig.org/wiki/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+in+the+web.xml > > > > > > That document describes 6 different filters (AuthenticationFilter, > > > HttpServletRequestWrapper and so on). I am not sure if I need to configure > > > all the filters or can I get away with just the AuthenticationFilter? In > > > the > > > Yale version I configured just the one filter (CASFilter) for > > > authentication. > > > > > > Any pointers? > > > > > > Thanks. > > > > > > ----- Original Message ---- > > > From: tedzo <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> > > > To: Yale CAS mailing list <[email protected]> <[email protected]> > > > Sent: Friday, April 4, 2008 10:22:55 PM > > > Subject: Re: Which version of cas to use for SingleSignOut feature? > > > > > > That will be a problem :( I guess I will have to move to the newer > > > versions. > > > > > > Is using JA-SIG Java client similar to using the Yale Client? I was > > > looking for a tutorial of some sort that explains configuring/using the > > > JA-SIG Java Client and didn't find any. This doesn't seem to work > > > http://www.ja-sig.org/products/cas/client/client-java/index.html. > > > > > > I am seeing references to cas-client.properites etc and I am not sure > > > how to proceed. > > > For the Yale Java client, I just added the filter info in web.xml and > > > I was off and running.... > > > > > > Your help is appreciated. > > > > > > Thanks. > > > > > > ----- Original Message ---- > > > From: Adam Rybicki <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> > > > To: Yale CAS mailing list <[email protected]> <[email protected]> > > > Sent: Friday, April 4, 2008 4:38:01 PM > > > Subject: Re: Which version of cas to use for SingleSignOut feature? > > > > > > Hi, > > > > > > The versions you are using do not support SSOut. You need CAS Server > > > 3.1.1 or 3.1.2 if you must use a "release" version or 3.2.1-RC1 if you are > > > OK with using a "release candidate" version. > > > > > > Yale CAS client does not support SSOut, but perhaps someone will > > > contribute it. The JA-SIG CAS Client version 3.1.1 supports SSOut, and > > > that's the latest version available. > > > > > > The earliest versions that should correctly support SSOut are 3.1.1 > > > for CAS Server and 3.1 for JA-SIG CAS Client. > > > > > > Adam > > > > > > tedzo wrote: > > > > > > Hello all, > > > I am trying to find out which versions of cas server and cas java > > > client I need to use in order to be able to use the SingleSignOut > > > feature. I > > > currently have cas server 3.0.6 and Yale client 2.1.1. > > > > > > - Does it matter which version of client I use? > > > - What are the earliest versions that support the said feature? > > > > > > Thanks. > > > > > > ------------------------------ > > > You rock. That's why Blockbuster's offering you one month of > > > Blockbuster Total > > > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > > > No Cost. > > > > > > ------------------------------ > > > > > > _______________________________________________ > > > Yale CAS mailing list > > > [email protected] > > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > > > > > > > > > > > > ------------------------------ > > > You rock. That's why Blockbuster's offering you one month of > > > Blockbuster Total > > > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > > > No Cost. > > > > > > > > > ------------------------------ > > > You rock. That's why Blockbuster's offering you one month of > > > Blockbuster Total > > > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > > > No Cost. > > > > > > > > > ------------------------------ > > > You rock. That's why Blockbuster's offering you one month of > > > Blockbuster Total > > > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > > > No Cost. > > > > > > ------------------------------ > > > > > > _______________________________________________ > > > Yale CAS mailing list > > > [email protected] > > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > > > > > > > > > > > > > > > ------------------------------ > > > You rock. That's why Blockbuster's offering you one month of > > > Blockbuster Total > > > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > > > No Cost. > > > > > > _______________________________________________ > > > Yale CAS mailing list > > > [email protected] > > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > > > > > > -- > > -Scott Battaglia > > PGP Public Key Id: 0x383733AA > > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > > > > ------------------------------ > > You rock. That's why Blockbuster's offering you one month of Blockbuster > > Total > > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > > No Cost. > > > > > > ------------------------------ > > You rock. That's why Blockbuster's offering you one month of Blockbuster > > Total > > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > > No Cost. > > > > > > ------------------------------ > > You rock. That's why Blockbuster's offering you one month of Blockbuster > > Total > > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > > No Cost. > > > > _______________________________________________ > > Yale CAS mailing list > > [email protected] > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > -- > -Scott Battaglia > PGP Public Key Id: 0x383733AA > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > ------------------------------ > You rock. That's why Blockbuster's offering you one month of Blockbuster > Total > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > No Cost. > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > -- > -Scott Battaglia > PGP Public Key Id: 0x383733AA > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > ------------------------------ > You rock. That's why Blockbuster's offering you one month of Blockbuster > Total > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > No Cost. > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > -- -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
