Glad to hear it worked...I was starting to get really confused :-) On Tue, Apr 8, 2008 at 3:35 AM, tedzo <[EMAIL PROTECTED]> wrote:
> Ok, big screw up from my side (I was logging into one server and logging > out of another server :-B ). Everything is working as expected. > > Thanks Scott (and others that answered), as always for your time and > effort. Greatly appreciated. > > > > ----- Original Message ---- > From: Scott Battaglia <[EMAIL PROTECTED]> > To: Yale CAS mailing list <[email protected]> > Sent: Monday, April 7, 2008 7:23:19 PM > Subject: Re: Fwd: SingleSignout Problems > > Single Sign Out isn't going to do anything until your user goes to > /cas/logout > > -Scott > > On Mon, Apr 7, 2008 at 9:28 PM, tedzo <[EMAIL PROTECTED]> wrote: > > > I am not sure how to enable access log writing. I will look it up. > > > > I am not sure I understand what you mean when you say > > "..it will send an HTTP POST to each application's service url > > indicating they should destroy the session" > > > > Say > > - I access /app1/page-1.jsp > > - Then I access /app2/page2.jsp > > - I hit logout from page2.jsp > > > > I am going to get a POST to /app1/page-1.jsp and /app2/page2.jsp? And > > these apps are responsible for destroying the session? I thought the > > SignOutFilter would take care of destroying the session... > > > > The only thing I see now are these (a few of them)- > > > > 2008-04-07 18:12:37,431 DEBUG [http-8080-3] > > authentication.AuthenticationFilter > > 99 - removing gateway attribute from session > > > > Nothing else from CAS. > > > > Ideas? > > > > Thank you for your time. > > > > ----- Original Message ---- > > From: Scott Battaglia <[EMAIL PROTECTED]> > > To: Yale CAS mailing list <[email protected]> > > Sent: Monday, April 7, 2008 5:35:19 PM > > Subject: Fwd: SingleSignout Problems > > > > If you're using Tomcat, you won't see them unless you enable its access > > log writing. > > > > Essentially what should happen is that when you log out of CAS it will > > send an HTTP POST to each application's service url indicating they should > > destroy the session. > > > > -Scott > > > > ---------- Forwarded message ---------- > > From: tedzo <[EMAIL PROTECTED]> > > Date: Mon, Apr 7, 2008 at 8:12 PM > > Subject: Re: SingleSignout Problems > > To: Yale CAS mailing list <[email protected]> > > > > > > Thanks for your response. > > I don't see any POST. But maybe I am not looking at the right place? I > > tried catalina.out on the windowsXP setup where I am testing. Should I look > > elsewhere? > > > > Thanks for your time. > > > > ----- Original Message ---- > > From: Scott Battaglia <[EMAIL PROTECTED]> > > To: Yale CAS mailing list <[email protected]> > > Sent: Monday, April 7, 2008 1:43:54 PM > > Subject: Re: SingleSignout Problems > > > > Are you seeing POST calls in your Apache logs to the service url? That > > would indicate whether CAS is sending the Single Sign Out message or not. > > > > -Scott > > > > On Mon, Apr 7, 2008 at 3:06 PM, tedzo <[EMAIL PROTECTED]> wrote: > > > > > I renamed the subject line to better describe the question. > > > > > > I looked through a document pointed to by another poster (Adam)- > > > http://www.ja-sig.org/wiki/display/CASUM/Single+Sign+Out. This > > > document talks about "a callback to each of the services that are > > > registered..." Where/How do I register? As of now I have- > > > 1. Added the SingleSignOut filter to the web.xml of each webapp > > > (before the other 3 filters- Authentication, Validation, Wrapper). > > > 2. Added the HttpSessionListener to each webapp's web.xml (before all > > > the filters are defined). > > > 3. I redirect the user to https://<server>:8443/cas/logout during > > > logout. > > > > > > Do I need to register for the callback explicitly? I am not sure even > > > if the SignOutFilter is being invoked because if I don't call > > > session.invalidate() before redirecting to /cas/logout, the session > > > continues to be valid. I am missing something here. What is it? > > > > > > Thanks for your time. > > > > > > ----- Original Message ---- > > > From: tedzo <[EMAIL PROTECTED]> > > > To: Yale CAS mailing list <[email protected]> > > > Sent: Sunday, April 6, 2008 10:48:31 PM > > > Subject: Re: How to get the username (netID)? > > > > > > Ok, so I am looking at the SingleSignOutFilter and > > > SingleSignOutHttpSessionListener and these are per webapp (i.e, defined in > > > every webapp's web.xml). Also, the code indicates that the filter > > > invalidates the session in the webapp where the user attempted to logout. > > > So, I am not sure I understand how this can cause the same user's sessions > > > in other webapps to also be destroyed. In short, how can this work? > > > > > > I am guessing I don't understand how a HttpSessionListener works... > > > > > > Thanks. > > > > > > ----- Original Message ---- > > > From: tedzo <[EMAIL PROTECTED]> > > > To: Yale CAS mailing list <[email protected]> > > > Sent: Sunday, April 6, 2008 9:53:37 PM > > > Subject: Re: How to get the username (netID)? > > > > > > Scott, > > > Thank you for your response. > > > > > > Actually, it turned out that I needed to include the other filters too > > > (not just the authentication filter, unlike the Yale Client I was used > > > to). > > > After I included the ValidationFilter, it worked just fine. > > > > > > I have now included the SingleZSignoutFilter and the SessionListener > > > in order to get SingleSignout working and its not? I added the filter and > > > listener to web.xml of 2 webapps. I invalidate the session and redirect to > > > /cas/logout when the user chooses to logout in one of the webapps. The > > > logout page displays. I assumed at this point that I would be logged out > > > of > > > the other webapp too. Thats not hapenning. What am I missing? (I admit, I > > > haven't yet searched the archives for mails detailing similar problems...) > > > > > > Thanks for your time. > > > > > > Av. > > > > > > ----- Original Message ---- > > > From: Scott Battaglia <[EMAIL PROTECTED]> > > > To: Yale CAS mailing list <[email protected]> > > > Sent: Sunday, April 6, 2008 6:27:01 PM > > > Subject: Re: How to get the username (netID)? > > > > > > Hi, > > > > > > What order are your filters in? Our wiki page (which I think you were > > > looking at) shows the order they should appear in. If they're in that > > > order, they should work. At least we haven't noticed any problems so far > > > :-) > > > > > > -Scott > > > > > > On Sat, Apr 5, 2008 at 2:01 PM, tedzo <[EMAIL PROTECTED]> wrote: > > > > > > > Thank you Calcutta for your response. > > > > > > > > After reading the document a bit more I too realized that I would > > > > need the HttpServletRequestWrapper. So, I added that. However I am > > > > hitting a > > > > weird NullPointerException when I try to get the RemoteUser- Apparantly, > > > > getUserPrincipal() is null within HttpServletRequestWrapperFilter. > > > > > > > > I am not sure what the cause of that would be. Is there an issue > > > > with the SSL certificate or something? I was successfully using server > > > > 3.06 > > > > and Yale client 2.1.1 on this machine and I replaced both with newer > > > > versions (3.1.2 and 3.1.1 client). So, I assumed everything should just > > > > start working... > > > > > > > > Exception Status Code : 500 > > > > Resource : /DXX/login.jsp > > > > Error : org.apache.jasper.JasperException: An exception occurred > > > > processing JSP > > > > page /login.jsp at line 85 > > > > > > > > 82: System.out.println("2222*****************"); > > > > 83: String ticket = request.getParameter("ticket"); > > > > 84: System.out.println("3333*****************"); > > > > 85: String user = request.getRemoteUser(); > > > > 86: System.out.println("4444*****************"); > > > > 87: int ec = -1; > > > > 88: > > > > > > > > > > > > Stacktrace: > > > > > > > > org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper > > > > .java:524) > > > > > > > > org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:435) > > > > > > > > org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:320) > > > > org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266) > > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:803) > > > > root cause: [java.lang.NullPointerException] :: null > > > > > > > > org.jasig.cas.client.util.HttpServletRequestWrapperFilter$CasHttpServletRequestW > > > > rapper.getRemoteUser(HttpServletRequestWrapperFilter.java:80) > > > > org.apache.jsp.login_jsp._jspService(login_jsp.java:1098) > > > > org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) > > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:803) > > > > > > > > org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:393) > > > > > > > > GET Query : > > > > rdir=%2FDXX%2Fmain.jsp%3Bjsessionid%3D10FA876D949F2C47D450E6055A2DB8 > > > > > > > > 79%3Fticket%3DST-1-bL1W1fQcus4ak3PDc9wi&error=7&ticket=ST-2-c5icFZJZe0LMbAaOATNc > > > > > > > > > > > > 2008-04-05 10:42:38,428 DEBUG [http-8080-2] > > > > authentication.AuthenticationFilter: > > > > 81 - no ticket and no assertion found > > > > 2008-04-05 10:42:38,428 DEBUG [http-8080-2] util.CommonUtils > > > > :195 - serviceU > > > > rl generated: > > > > http://ani.dxx.com:8080/DXX/login.jsp?rdir=%2FDXX%2FW<http://ani.dxx.com:8080/DMM/login.jsp?rdir=%2FDMM%2FW> > > > > > > > > EB-INF%2Fapplication%2Ferror%2Fexception.jsp%3Frdir%3D%252FDXX%252Fmain.jsp%253B > > > > > > > > jsessionid%253D10FA876D949F2C47D450E6055A2DB879%253Fticket%253DST-1-bL1W1fQcus4a > > > > > > > > Thank you for your time. > > > > > > > > > > > > ----- Original Message ---- > > > > From: Oh Calcutta <[EMAIL PROTECTED]> > > > > To: Yale CAS mailing list <[email protected]> > > > > Sent: Friday, April 4, 2008 11:42:35 PM > > > > Subject: Re: How to get the username (netID)? > > > > > > > > > > > > - If you enable HttpServletRequestWrapper filter, then you can do a > > > > simple request.getRemoteUser() to get the NetId. > > > > > > > > > > > > tedzo wrote: > > > > > > > > Some progress in my quest to use JA-SIG client 3.1.1 and eventually > > > > the SingleSignOutFilter... > > > > I am trying to get a hold of the username (netId) but have been > > > > unable to. It seems that I should be able to get to it using > > > > session.getAttribute("_const_cas_assertion_") from my jsp. But that > > > > doesn't > > > > seem to work. > > > > > > > > What am I missing? > > > > > > > > Thanks. > > > > > > > > > > > > ----- Original Message ---- > > > > From: tedzo <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> > > > > To: Yale CAS mailing list <[email protected]><[email protected]> > > > > Sent: Friday, April 4, 2008 10:48:29 PM > > > > Subject: Re: Which version of cas to use for SingleSignOut feature? > > > > > > > > Ok, I found > > > > > > > > http://www.ja-sig.org/wiki/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+in+the+web.xml > > > > > > > > That document describes 6 different filters (AuthenticationFilter, > > > > HttpServletRequestWrapper and so on). I am not sure if I need to > > > > configure > > > > all the filters or can I get away with just the AuthenticationFilter? > > > > In the > > > > Yale version I configured just the one filter (CASFilter) for > > > > authentication. > > > > > > > > Any pointers? > > > > > > > > Thanks. > > > > > > > > ----- Original Message ---- > > > > From: tedzo <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> > > > > To: Yale CAS mailing list <[email protected]><[email protected]> > > > > Sent: Friday, April 4, 2008 10:22:55 PM > > > > Subject: Re: Which version of cas to use for SingleSignOut feature? > > > > > > > > That will be a problem :( I guess I will have to move to the newer > > > > versions. > > > > > > > > Is using JA-SIG Java client similar to using the Yale Client? I was > > > > looking for a tutorial of some sort that explains configuring/using the > > > > JA-SIG Java Client and didn't find any. This doesn't seem to work > > > > http://www.ja-sig.org/products/cas/client/client-java/index.html. > > > > > > > > I am seeing references to cas-client.properites etc and I am not > > > > sure how to proceed. > > > > For the Yale Java client, I just added the filter info in web.xml > > > > and I was off and running.... > > > > > > > > Your help is appreciated. > > > > > > > > Thanks. > > > > > > > > ----- Original Message ---- > > > > From: Adam Rybicki <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> > > > > To: Yale CAS mailing list <[email protected]><[email protected]> > > > > Sent: Friday, April 4, 2008 4:38:01 PM > > > > Subject: Re: Which version of cas to use for SingleSignOut feature? > > > > > > > > Hi, > > > > > > > > The versions you are using do not support SSOut. You need CAS > > > > Server 3.1.1 or 3.1.2 if you must use a "release" version or 3.2.1-RC1 > > > > if > > > > you are OK with using a "release candidate" version. > > > > > > > > Yale CAS client does not support SSOut, but perhaps someone will > > > > contribute it. The JA-SIG CAS Client version 3.1.1 supports SSOut, and > > > > that's the latest version available. > > > > > > > > The earliest versions that should correctly support SSOut are 3.1.1 > > > > for CAS Server and 3.1 for JA-SIG CAS Client. > > > > > > > > Adam > > > > > > > > tedzo wrote: > > > > > > > > Hello all, > > > > I am trying to find out which versions of cas server and cas java > > > > client I need to use in order to be able to use the SingleSignOut > > > > feature. I > > > > currently have cas server 3.0.6 and Yale client 2.1.1. > > > > > > > > - Does it matter which version of client I use? > > > > - What are the earliest versions that support the said feature? > > > > > > > > Thanks. > > > > > > > > ------------------------------ > > > > You rock. That's why Blockbuster's offering you one month of > > > > Blockbuster Total > > > > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > > > > No Cost. > > > > > > > > ------------------------------ > > > > > > > > _______________________________________________ > > > > Yale CAS mailing list > > > > [email protected] > > > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > > > > > > > > > > > > > > > > > > > > > > ------------------------------ > > > > You rock. That's why Blockbuster's offering you one month of > > > > Blockbuster Total > > > > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > > > > No Cost. > > > > > > > > > > > > ------------------------------ > > > > You rock. That's why Blockbuster's offering you one month of > > > > Blockbuster Total > > > > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > > > > No Cost. > > > > > > > > > > > > ------------------------------ > > > > You rock. That's why Blockbuster's offering you one month of > > > > Blockbuster Total > > > > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > > > > No Cost. > > > > > > > > ------------------------------ > > > > > > > > _______________________________________________ > > > > Yale CAS mailing list > > > > [email protected] > > > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ------------------------------ > > > > You rock. That's why Blockbuster's offering you one month of > > > > Blockbuster Total > > > > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > > > > No Cost. > > > > > > > > _______________________________________________ > > > > Yale CAS mailing list > > > > [email protected] > > > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > > > > > > > > > > > -- > > > -Scott Battaglia > > > PGP Public Key Id: 0x383733AA > > > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > > > > > > > ------------------------------ > > > You rock. That's why Blockbuster's offering you one month of > > > Blockbuster Total > > > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > > > No Cost. > > > > > > > > > ------------------------------ > > > You rock. That's why Blockbuster's offering you one month of > > > Blockbuster Total > > > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > > > No Cost. > > > > > > > > > ------------------------------ > > > You rock. That's why Blockbuster's offering you one month of > > > Blockbuster Total > > > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > > > No Cost. > > > > > > _______________________________________________ > > > Yale CAS mailing list > > > [email protected] > > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > > > > > > -- > > -Scott Battaglia > > PGP Public Key Id: 0x383733AA > > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > > > > ------------------------------ > > You rock. That's why Blockbuster's offering you one month of Blockbuster > > Total > > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > > No Cost. > > > > _______________________________________________ > > Yale CAS mailing list > > [email protected] > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > > > > -- > > -Scott Battaglia > > PGP Public Key Id: 0x383733AA > > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > > > > ------------------------------ > > You rock. That's why Blockbuster's offering you one month of Blockbuster > > Total > > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > > No Cost. > > > > _______________________________________________ > > Yale CAS mailing list > > [email protected] > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > -- > -Scott Battaglia > PGP Public Key Id: 0x383733AA > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > ------------------------------ > You rock. That's why Blockbuster's offering you one month of Blockbuster > Total > Access<http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com>, > No Cost. > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > -- -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
