On Mon, Aug 18, 2008 at 2:35 AM, Martin Lamprechter < [EMAIL PROTECTED]> wrote:
> Scott Battaglia schrieb: > > Martin, > > > > I'm not sure I follow what you're asking. > > > Sorry for my bad English :-X > > Are you asking about a potential redirect after using /logout (i.e. > > /logout?service=foo). If that's the case it only works if you've enabled > > that on the logout controller. > > > I call CAS to logout with a URL like.... cas/logout?service=http://... > But I never be redirected to the service-url :-( > What do you mean with "enable that on the logout controller"? > Just turn it on the application that starts logout? That's already done. > Is there something else to configure in CAS? Yes, you need to turn it on in the LogoutController. The property is something like "followServiceRedirects" (but I can't remember the name exactly) > > > If you're asking about errors for the callback of the logout (i.e. > notifying > > each application that the user logged out), then you may have an > application > > that uses a self-signed certificate which may not be in the JVM's cacerts > > file. > > > The application is notified. Well, the user isn't logged in any more. > But I get this error-message: > > PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to > find valid certification path to requested target > > Every time someone logs out. > But you're right, the certificate isn't in the JVM cacerts. > > Interesting that this only matters, when a user logout - login works > without any error-messages in the log. It matters only when logging out because that's the only time that CAS tries to contact the application (unless you're doing proxying) -Scott > > > Thanks a lot > Martin > > > -Scott > > > > -Scott Battaglia > > PGP Public Key Id: 0x383733AA > > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > > > > On Fri, Aug 15, 2008 at 4:21 AM, Martin Lamprechter < > > [EMAIL PROTECTED]> wrote: > > > > > >> Hi, > >> > >> I use CAS 3.2.1.1 and I guess everything works fine. > >> But today I have a look at the log-file and I saw many errors like this: > >> > >> > >>> PKIX path building failed: > >>> sun.security.provider.certpath.SunCertPathBuilderException: unable to > >>> find valid certification path to requested target > >>> > >> On every logout a new error-log is written. > >> > >> Maybe it is something wrong with the logout service-redirectURL - it is > >> signed, but the cert doesn't match the URL (just testing right now). > >> But when CAS is so strong with certs, why can I login to the same URL? > >> > >> And if everything works fine - should I be redirected to the > >> ?service-URL? In my case logout ends on the CAS-Logout site.... > >> > >> Best regards > >> Martin > >> _______________________________________________ > >> Yale CAS mailing list > >> [email protected] > >> http://tp.its.yale.edu/mailman/listinfo/cas > >> > >> > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > Yale CAS mailing list > > [email protected] > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas >
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
