I upgraded to CAS Server 3.2.1 RC2 and after some changes in our code we are back up and running. The problem is that I still don't see any posts to the other registered services. I don't see any posts at all after logging out (going to /cas/logout). Just a series of GETs.

Is there some other configuration that is necessary to turn on the POSTs for Single Sign Out?

Thanks,
Steve
Scott Battaglia wrote:


On Thu, Apr 3, 2008 at 5:40 PM, Steve Podell <[EMAIL PROTECTED]> wrote:

    CAS is working great for our webapps.  I need to add single signout to
    our setup to do some cleanup in the soon to be invalidated sessions on
    logout.  So I added the Single Sign out filter and listener as described
    here...
    http://www.ja-sig.org/wiki/display/CASC/Configuring+Single+Sign+Out

    I am using cas-server-core-3.1.jar

    When I set a debugger breakpoint in
    org.jasig.cas.client.session.SingleSignOutFilter, I can see requests
    coming through, but I never see a POST, so the request parameter
    "logoutRequest" is not acted on. I also don't see the
    artifactParameterName/"ticket" parameter coming through either, so the
    session references are not being cached.

    The wiki page
    http://www.ja-sig.org/wiki/display/CASUM/Single+Sign+Out
    mentions an ArgumentExtractor property called disableSingleSignOut, but
    I don't see where you would set it (and have not set it).

    When I watch the requests on an HTTP analyzer on my PC, there is an early
    POST on the login to cas that does contain the ticket on the response.
    But a client side filter would not see the response...?

    -  Process : firefox.exe[2748]
    (COUNT=25)

      8     13:03:14:453  0.264 s      POST    302     0     text/plain
    
https:///iii/cas/login;jsessionid=3C16428223AD4231E9079B8B50804C19?service=https%3A%2F%2Fmtdemo.iii.com%3A443%2Fiii%2Fmfrpro%2Fj_acegi_cas_security_check

    
https://mtdemo.iii.com:443/iii/mfrpro/j_acegi_cas_security_check?ticket=ST-5-SfMWDEiDcVLVoLxsaEbYfcT3ZXTupEvGHHB-20

    So some basic questions:
    1) This filter is client side cache of tickets and sessions?

The filter is a client side filter so it should be set on the applications.


    2) I should be seeing logoutRequest POSTs to the webapp so that the CAS
    client code can cache the tickets?

You'll only see the POST when you actually log out of CAS.


    3) I should be seeing POSTs with "ticket" as a request parameter?

No you should only be seeing GETs with tickets.


    4) This feature is in cas-server-core-3.1?

Your best bet is to use CAS Server 3.2.1 for Single Sign Out.


    5) The feature defaults to "on"? The ArgumentExtractor properties are
    already set up?

In CAS 3.2.1 it defaults to on. 3.2 had an accidental bug flipping a ! so it was defaulted to off, but appeared to be on.

-Scott


    _______________________________________________
    Yale CAS mailing list
    [email protected] <mailto:[email protected]>
    http://tp.its.yale.edu/mailman/listinfo/cas




--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
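
The flow described in the answers above (the ticket arrives on a GET at login, `logoutRequest` arrives on a POST only at logout), as an added example that is not part of the thread and is not the CAS client's own code. The class and method names are hypothetical, the sample values are constructed, and it assumes the logout message is a SAML LogoutRequest whose SessionIndex element carries the service ticket.

```java
import java.io.StringReader;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/** Hypothetical model of a single-sign-out filter's bookkeeping (needs Java 9+ for Map.of). */
public class SignOutModel {
    // service ticket -> local session id, recorded when the ticket arrives on a GET
    private final Map<String, String> ticketToSession = new ConcurrentHashMap<>();

    /** Returns the session id to invalidate, or null when the request is not a known logout. */
    public String handle(String method, Map<String, String> params, String sessionId) throws Exception {
        if ("POST".equals(method) && params.containsKey("logoutRequest")) {
            String ticket = sessionIndex(params.get("logoutRequest"));
            return ticket == null ? null : ticketToSession.remove(ticket);
        }
        if ("GET".equals(method) && params.containsKey("ticket")) {
            ticketToSession.put(params.get("ticket"), sessionId);
        }
        return null;
    }

    /** Extracts SessionIndex from the logout message; DOCTYPEs are refused to rule out XXE. */
    static String sessionIndex(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList n = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)))
                      .getElementsByTagNameNS("*", "SessionIndex");
        return n.getLength() == 0 ? null : n.item(0).getTextContent().trim();
    }

    public static void main(String[] args) throws Exception {
        SignOutModel m = new SignOutModel();
        // Constructed sample values, not taken from the thread.
        m.handle("GET", Map.of("ticket", "ST-1-example"), "SESSION-A");
        String logout = "<samlp:LogoutRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\">"
            + "<samlp:SessionIndex>ST-1-example</samlp:SessionIndex></samlp:LogoutRequest>";
        System.out.println(m.handle("POST", Map.of("logoutRequest", logout), null)); // first logout POST
        System.out.println(m.handle("POST", Map.of("logoutRequest", logout), null)); // replayed logout POST
    }
}
```

If the GET carrying the ticket never passes through the filter, the later logout POST finds no mapping and no session is invalidated.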