Ok, big screw up from my side (I was logging into one server and logging out of
another server :-B ). Everything is working as expected.
Thanks Scott (and others that answered), as always for your time and effort.
Greatly appreciated.
----- Original Message ----
From: Scott Battaglia <[EMAIL PROTECTED]>
To: Yale CAS mailing list <[email protected]>
Sent: Monday, April 7, 2008 7:23:19 PM
Subject: Re: Fwd: SingleSignout Problems
Single Sign Out isn't going to do anything until your user goes to /cas/logout
-Scott
On Mon, Apr 7, 2008 at 9:28 PM, tedzo <[EMAIL PROTECTED]> wrote:
I am not sure how to enable access log writing. I will look it up.
I am not sure I understand what you mean when you say
"..it will send an HTTP POST to each application's service url indicating they
should destroy the session"
Say
- I access /app1/page-1.jsp
- Then I access /app2/page2.jsp
- I hit logout from page2.jsp
I am going to get a POST to /app1/page-1.jsp and /app2/page2.jsp? And these
apps are responsible for destroying the session? I thought the SignOutFilter
would take care of destroying the session...
The only thing I see now are these (a few of them)-
2008-04-07 18:12:37,431 DEBUG [http-8080-3] authentication.AuthenticationFilter
99 - removing gateway attribute from session
Nothing else from CAS.
Ideas?
Thank you for your time.
----- Original Message ----
From: Scott Battaglia <[EMAIL PROTECTED]>
To: Yale CAS mailing list <[email protected]>
Sent: Monday, April 7, 2008 5:35:19 PM
Subject: Fwd: SingleSignout Problems
If you're using Tomcat, you won't see them unless you enable its access log
writing.
Essentially what should happen is that when you log out of CAS it will send an
HTTP POST to each application's service url indicating they should destroy the
session.
-Scott
---------- Forwarded message ----------
From: tedzo <[EMAIL PROTECTED]>
Date: Mon, Apr 7, 2008 at 8:12 PM
Subject: Re: SingleSignout Problems
To: Yale CAS mailing list <[email protected]>
Thanks for your response.
I don't see any POST. But maybe I am not looking at the right place? I tried
catalina.out on the windowsXP setup where I am testing. Should I look elsewhere?
Thanks for your time.
----- Original Message ----
From: Scott Battaglia <[EMAIL PROTECTED]>
To: Yale CAS mailing list <[email protected]>
Sent: Monday, April 7, 2008 1:43:54 PM
Subject: Re: SingleSignout Problems
Are you seeing POST calls in your Apache logs to the service url? That would
indicate whether CAS is sending the Single Sign Out message or not.
-Scott
On Mon, Apr 7, 2008 at 3:06 PM, tedzo <[EMAIL PROTECTED]> wrote:
I renamed the subject line to better describe the question.
I looked through a document pointed to by another poster (Adam)-
http://www.ja-sig.org/wiki/display/CASUM/Single+Sign+Out. This document talks
about "a callback to each of the services that are registered..." Where/How do
I register? As of now I have-
1. Added the SingleSignOut filter to the web.xml of each webapp (before the
other 3 filters- Authentication, Validation, Wrapper).
2. Added the HttpSessionListener to each webapp's web.xml (before all the
filters are defined).
3. I redirect the user to https://<server>:8443/cas/logout during logout.
Do I need to register for the callback explicitly? I am not sure even if the
SignOutFilter is being invoked because if I don't call session.invalidate()
before redirecting to /cas/logout, the session continues to be valid. I am
missing something here. What is it?
Thanks for your time.
----- Original Message ----
From: tedzo <[EMAIL PROTECTED]>
To: Yale CAS mailing list <[email protected]>
Sent: Sunday, April 6, 2008 10:48:31 PM
Subject: Re: How to get the username (netID)?
Ok, so I am looking at the SingleSignOutFilter and
SingleSignOutHttpSessionListener and these are per webapp (i.e, defined in
every webapp's web.xml). Also, the code indicates that the filter invalidates
the session in the webapp where the user attempted to logout. So, I am not sure
I understand how this can cause the same user's sessions in other webapps to
also be destroyed. In short, how can this work?
I am guessing I don't understand how a HttpSessionListener works...
Thanks.
----- Original Message ----
From: tedzo <[EMAIL PROTECTED]>
To: Yale CAS mailing list <[email protected]>
Sent: Sunday, April 6, 2008 9:53:37 PM
Subject: Re: How to get the username (netID)?
Scott,
Thank you for your response.
Actually, it turned out that I needed to include the other filters too (not
just the authentication filter, unlike the Yale Client I was used to). After I
included the ValidationFilter, it worked just fine.
I have now included the SingleZSignoutFilter and the SessionListener in order
to get SingleSignout working and its not? I added the filter and listener to
web.xml of 2 webapps. I invalidate the session and redirect to /cas/logout when
the user chooses to logout in one of the webapps. The logout page displays. I
assumed at this point that I would be logged out of the other webapp too. Thats
not hapenning. What am I missing? (I admit, I haven't yet searched the archives
for mails detailing similar problems...)
Thanks for your time.
Av.
----- Original Message ----
From: Scott Battaglia <[EMAIL PROTECTED]>
To: Yale CAS mailing list <[email protected]>
Sent: Sunday, April 6, 2008 6:27:01 PM
Subject: Re: How to get the username (netID)?
Hi,
What order are your filters in? Our wiki page (which I think you were looking
at) shows the order they should appear in. If they're in that order, they
should work. At least we haven't noticed any problems so far :-)
-Scott
On Sat, Apr 5, 2008 at 2:01 PM, tedzo <[EMAIL PROTECTED]> wrote:
Thank you Calcutta for your response.
After reading the document a bit more I too realized that I would need the
HttpServletRequestWrapper. So, I added that. However I am hitting a weird
NullPointerException when I try to get the RemoteUser- Apparantly,
getUserPrincipal() is null within HttpServletRequestWrapperFilter.
I am not sure what the cause of that would be. Is there an issue with the SSL
certificate or something? I was successfully using server 3.06 and Yale client
2.1.1 on this machine and I replaced both with newer versions (3.1.2 and 3.1.1
client). So, I assumed everything should just start working...
Exception Status Code : 500
Resource : /DXX/login.jsp
Error : org.apache.jasper.JasperException: An exception occurred processing JSP
page /login.jsp at line 85
82: System.out.println("2222*****************");
83: String ticket = request.getParameter("ticket");
84: System.out.println("3333*****************");
85: String user = request.getRemoteUser();
86: System.out.println("4444*****************");
87: int ec = -1;
88:
Stacktrace:
org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper
.java:524)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:435)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:320)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266)
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
root cause: [java.lang.NullPointerException] :: null
org.jasig.cas.client.util.HttpServletRequestWrapperFilter$CasHttpServletRequestW
rapper.getRemoteUser(HttpServletRequestWrapperFilter.java:80)
org.apache.jsp.login_jsp._jspService(login_jsp.java:1098)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:393)
GET Query : rdir=%2FDXX%2Fmain.jsp%3Bjsessionid%3D10FA876D949F2C47D450E6055A2DB8
79%3Fticket%3DST-1-bL1W1fQcus4ak3PDc9wi&error=7&ticket=ST-2-c5icFZJZe0LMbAaOATNc
2008-04-05 10:42:38,428 DEBUG [http-8080-2] authentication.AuthenticationFilter:
81 - no ticket and no assertion found
2008-04-05 10:42:38,428 DEBUG [http-8080-2] util.CommonUtils :195 - serviceU
rl generated: http://ani.dxx.com:8080/DXX/login.jsp?rdir=%2FDXX%2FW
EB-INF%2Fapplication%2Ferror%2Fexception.jsp%3Frdir%3D%252FDXX%252Fmain.jsp%253B
jsessionid%253D10FA876D949F2C47D450E6055A2DB879%253Fticket%253DST-1-bL1W1fQcus4a
Thank you for your time.
----- Original Message ----
From: Oh Calcutta <[EMAIL PROTECTED]>
To: Yale CAS mailing list <[email protected]>
Sent: Friday, April 4, 2008 11:42:35 PM
Subject: Re: How to get the username (netID)?
- If you enable HttpServletRequestWrapper filter, then you can do asimple
request.getRemoteUser() to get the NetId.
tedzo wrote: Someprogress in my quest to use JA-SIG client 3.1.1 and
eventually theSingleSignOutFilter...
I am trying to get a hold of the username (netId) but have been unableto. It
seems that I should be able to get to it
usingsession.getAttribute("_const_cas_assertion_") from my jsp. But thatdoesn't
seem to work.
What am I missing?
Thanks.
-----Original Message ----
From: tedzo <[EMAIL PROTECTED]>
To: Yale CAS mailing list <[email protected]>
Sent: Friday, April 4, 2008 10:48:29 PM
Subject: Re: Which version of cas to use for SingleSignOut feature?
Ok,I found
http://www.ja-sig.org/wiki/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+in+the+web.xml
That document describes 6 different filters
(AuthenticationFilter,HttpServletRequestWrapper and so on). I am not sure if I
need toconfigure all the filters or can I get away with just
theAuthenticationFilter? In the Yale version I configured just the onefilter
(CASFilter) for authentication.
Any pointers?
Thanks.
-----Original Message ----
From: tedzo <[EMAIL PROTECTED]>
To: Yale CAS mailing list <[email protected]>
Sent: Friday, April 4, 2008 10:22:55 PM
Subject: Re: Which version of cas to use for SingleSignOut feature?
Thatwill be a problem :( I guess I will have to move to the newer versions.
Is using JA-SIG Java client similar to using the Yale Client? I waslooking for
a tutorial of some sort that explains configuring/using theJA-SIG Java Client
and didn't find any. This doesn't seem to work
http://www.ja-sig.org/products/cas/client/client-java/index.html.
I am seeing references to cas-client.properites etc and I am not surehow to
proceed.
For the Yale Java client, I just added the filter info in web.xml and Iwas off
and running....
Your help is appreciated.
Thanks.
-----Original Message ----
From: Adam Rybicki <[EMAIL PROTECTED]>
To: Yale CAS mailing list <[email protected]>
Sent: Friday, April 4, 2008 4:38:01 PM
Subject: Re: Which version of cas to use for SingleSignOut feature?
Hi,
The versions you are using do not support SSOut. You need CAS Server3.1.1 or
3.1.2 if you must use a "release" version or 3.2.1-RC1 if youare OK with using
a "release candidate" version.
Yale CAS client does not support SSOut, but perhaps someone willcontribute it.
The JA-SIG CAS Client version 3.1.1 supports SSOut, andthat's the latest
version available.
The earliest versions that should correctly support SSOut are 3.1.1 forCAS
Server and 3.1 for JA-SIG CAS Client.
Adam
tedzo wrote: Helloall,
I am trying to find out which versions of cas server and cas javaclient I need
to use in order to be able to use the SingleSignOutfeature. I currently have
cas server 3.0.6 and Yale client 2.1.1.
- Does it matter which version of client I use?
- What are the earliest versions that support the said feature?
Thanks.
You rock. That's why Blockbuster's offering you one
month of Blockbuster Total Access, No Cost.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
You rock. That's why Blockbuster's offering you one
month of Blockbuster Total Access, No Cost.
You rock. That's why Blockbuster's offering you one
month of Blockbuster Total Access, No Cost.
You rock. That's why Blockbuster's offering you one
month of Blockbuster Total Access, No Cost.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
You rock. That's why Blockbuster's offering you one month of Blockbuster
Total Access, No Cost.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
You rock. That's why Blockbuster's offering you one month of Blockbuster
Total Access, No Cost.
You rock. That's why Blockbuster's offering you one month of Blockbuster
Total Access, No Cost.
You rock. That's why Blockbuster's offering you one month of Blockbuster
Total Access, No Cost.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
You rock. That's why Blockbuster's offering you one month of Blockbuster
Total Access, No Cost.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
You rock. That's why Blockbuster's offering you one month of Blockbuster
Total Access, No Cost.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
____________________________________________________________________________________
You rock. That's why Blockbuster's offering you one month of Blockbuster Total
Access, No Cost.
http://tc.deals.yahoo.com/tc/blockbuster/text5.com_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
