This also appears to be time sensative. I can reproduce the following behavior over and over again.
Log in at App Go to single sign out url WAIT 15 seconds Go back to app I am prompted for login again (as expected) log out with single sign out url wait 15 seconds Go back to app I am prompted for login again (as expected) Log out from this point on no amount of waiting and no amount of clicking the logout button will log me out I am always logged in to the App, I think the App's session is not killed. If I close my browser I can repeat the above steps and it is completely reproduceable. On Wed, Aug 27, 2008 at 4:07 PM, Troy Bull <[EMAIL PROTECTED]> wrote: > On Wed, Aug 27, 2008 at 2:18 PM, Scott Battaglia > <[EMAIL PROTECTED]> wrote: >> >> -Scott Battaglia >> PGP Public Key Id: 0x383733AA >> LinkedIn: http://www.linkedin.com/in/scottbattaglia >> >> >> On Wed, Aug 27, 2008 at 3:11 PM, Troy Bull <[EMAIL PROTECTED]> wrote: >>> >>> On Wed, Aug 27, 2008 at 10:11 AM, Troy Bull <[EMAIL PROTECTED]> wrote: >>> > Greetings >>> > >>> > I have a fairly simple environment, a few apps and CAS 3.2.1 >>> > >>> > When I run it on my workstation it all works pefectly. However; when >>> > I run it on the server either in QA or in our TEST environment the >>> > single sign out feature doesnt seem to work. QA and TEST are >>> > clustered with multiple machines, my local workstation is setup as a >>> > cluster of 1. >>> > >>> > Does anyone have an ideas ? How can I bump up debugging so I can see >>> > more output in the logs. >>> > >>> > Thanks >>> > Troy >>> > >>> >>> >>> Hey, a bit more info. >>> >>> I have been testing different scenarios all day trying to figure this >>> out. It works like I said perfectly on my local development machine. >>> When I deploy to the test server or the QA server (they caught it in >>> QA), it doesnt log the user out. >>> >>> I have 2 apps I use for testing >>> >>> If i log in to 1, then log out of 1 I am logged out of 2 and out of >>> cas but still will be logged in to 1. >> >> I'm not sure this is possible. No CAS client talks to another CAS client. >> So if you've logged out of 1 then you've only logged out of application 1. >> >> -Scott >> > > I am talking about single sign out, if I go to server/cas/logout it in > fact does not log me out. > > > There has been much strangeness going on with this and none of it is > good. I have been trying to track down what is going on. I can > reproduce the problem with just 1 app and cas. > > Log in > then go to > https://server/cas/logout > > then navigate back to the app and I am still logged in, I am however > logged out of cas at this time. Basically cas never makes the > connection with the SingleSignOutFilter. I am not sure why, it may be > that it makes the connection but somehow inside single sign out filter > it looses its way. > > i have turned on tracing in my app and am going over the log now here > is a bit of it: > > 71037 [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default > (self-tuning)'] DEBUG org.jasig.cas.client.session.SingleSignOutFilter > - Storing session identifier for > sQydL18psB1sX6vh3Ww1dGvlVrcTmlZhJSyzC90KsHy0vJTPskQd!1155089760!-890672899!1219869790283 > <Aug 27, 2008 3:43:56 PM CDT> <Info> <Health> <BEA-310002> <79% of the > total memory in the server is free> > 179526 [[ACTIVE] ExecuteThread: '2' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.session.SingleSignOutFilter - Logout > request=[<samlp:LogoutRequest > xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" > ID="LR-12-Ku7eDedl50lFHRA1cW6GCg1trepnrjWhOZy" Version="2.0" > IssueInstant="2008-08-27T15:44:58Z"><saml:NameID > xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-25-99h91t0cuMFJdcMEHSsC-cas</samlp:SessionIndex></samlp:LogoutRequest>] > 264867 [[ACTIVE] ExecuteThread: '2' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.session.SingleSignOutFilter - Storing session > identifier for > BJbVL19QwtZ03p6Rcn9GQQySknn1SMYzvjvSQlp62LvhmQjGQRHn!1155089760!-890672899!1219869984114 > 264946 [[ACTIVE] ExecuteThread: '2' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.session.SingleSignOutFilter - Storing session > identifier for > BJbVL19QwtZ03p6Rcn9GQQySknn1SMYzvjvSQlp62LvhmQjGQRHn!1155089760!-890672899!1219869984114 > 264948 [[ACTIVE] ExecuteThread: '2' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.validation.Cas20ServiceTicketValidator - Placing > URL parameters in map. > 264949 [[ACTIVE] ExecuteThread: '2' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.validation.Cas20ServiceTicketValidator - Calling > template URL attribute map. > 264949 [[ACTIVE] ExecuteThread: '2' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.validation.Cas20ServiceTicketValidator - Loading > custom parameters from configuration. > 264949 [[ACTIVE] ExecuteThread: '2' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.validation.Cas20ServiceTicketValidator - > Constructing validation url: > https://qualitynet-dev.sdps.org/QualityNetSecurity/serviceValidate?service=https%3A%2F%2Fqualitynet-dev.sdps.org%2Fnav%2Fj_spring_cas_security_check&ticket=ST-26-sG3fM1ueVFEQRE73eqta-cas&; > 264949 [[ACTIVE] ExecuteThread: '2' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.validation.Cas20ServiceTicketValidator - > Retrieving response from server. > 265076 [[ACTIVE] ExecuteThread: '2' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.validation.Cas20ServiceTicketValidator - Server > response: <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> > <cas:authenticationSuccess> > <cas:user>slongdo</cas:user> > > > </cas:authenticationSuccess> > </cas:serviceResponse> > > 265092 [[ACTIVE] ExecuteThread: '2' for queue: > 'weblogic.kernel.Default (self-tuning)'] INFO > org.ifmc.qnet.security.QnetUserDetailsService - Using the following > URL for the Authorization Web Service authorization and authentication > information: > http://c2rbu25-app.sdps.org:4031/authws/services/AuthenticationService > 265107 [[ACTIVE] ExecuteThread: '2' for queue: > 'weblogic.kernel.Default (self-tuning)'] INFO > org.ifmc.qnet.security.QnetUserDetailsService - Retrieving > OARSPrincipal for username: slongdo > 266332 [[ACTIVE] ExecuteThread: '2' for queue: > 'weblogic.kernel.Default (self-tuning)'] INFO > org.ifmc.qnet.security.QnetUserDetailsService - Retrieving user roles > for username: slongdo > 266644 [[ACTIVE] ExecuteThread: '1' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.session.SingleSignOutFilter - Storing session > identifier for > BJbVL19QwtZ03p6Rcn9GQQySknn1SMYzvjvSQlp62LvhmQjGQRHn!1155089760!-890672899!1219869984114 > <Aug 27, 2008 3:46:26 PM CDT> <Info> <ServletContext-/nav> <000000> > <Initializing Spring FrameworkServlet 'nav'> > 266937 [[ACTIVE] ExecuteThread: '1' for queue: > 'weblogic.kernel.Default (self-tuning)'] INFO > org.springframework.web.servlet.DispatcherServlet - FrameworkServlet > 'nav': initialization started > 267043 [[ACTIVE] ExecuteThread: '1' for queue: > 'weblogic.kernel.Default (self-tuning)'] INFO > org.springframework.web.context.support.XmlWebApplicationContext - > Refreshing [EMAIL PROTECTED]: > display name [WebApplicationContext for namespace 'nav-servlet']; > startup date [Wed Aug 27 15:46:26 CDT 2008]; parent: > [EMAIL PROTECTED] > 267055 [[ACTIVE] ExecuteThread: '1' for queue: > 'weblogic.kernel.Default (self-tuning)'] INFO > org.springframework.beans.factory.xml.XmlBeanDefinitionReader - > Loading XML bean definitions from ServletContext resource > [/WEB-INF/nav-servlet.xml] > 267893 [[ACTIVE] ExecuteThread: '1' for queue: > 'weblogic.kernel.Default (self-tuning)'] INFO > org.springframework.web.context.support.XmlWebApplicationContext - > Bean factory for application context > [EMAIL PROTECTED]: > [EMAIL PROTECTED] > 268259 [[ACTIVE] ExecuteThread: '1' for queue: > 'weblogic.kernel.Default (self-tuning)'] INFO > org.springframework.beans.factory.support.DefaultListableBeanFactory > - Pre-instantiating singletons in > [EMAIL PROTECTED]: > defining beans > [pronetUserDS,navDao,sqlMap,viewResolver,messageSource,/myTasks.htm]; > parent: [EMAIL PROTECTED] > 270937 [[ACTIVE] ExecuteThread: '1' for queue: > 'weblogic.kernel.Default (self-tuning)'] INFO > org.springframework.web.servlet.DispatcherServlet - FrameworkServlet > 'nav': initialization completed in 4000 ms > > > > I think that this case it "worked" I am searching trying to find a > case where it didn't work (in the logs) > > > Here is another time it shows up > > weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.session.SingleSignOutFilter - Logout > request=[<samlp:LogoutRequest > xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" > ID="LR-9-ZAFaKdhgKb9Lj94f4EDkMxbTKqbxbePPLM5" Version="2.0" > IssueInstant="2008-08-27T15:44:11Z"><saml:NameID > xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-22-sY5XljFcE3BxgfRjGYJv-cas</samlp:SessionIndex></samlp:LogoutRequest>] > 130740 [[ACTIVE] ExecuteThread: '3' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.session.SingleSignOutFilter - Invalidating > session > [HQCWL18XZBy20gB9qxjCQ5TmL2VGJBgHXqG2CQTBZM2lvlLTGfkN!-890672899!1155089760!1219869815452] > for ST [ST-22-sY5XljFcE3BxgfRjGYJv-cas] > 130741 [[ACTIVE] ExecuteThread: '3' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.session.SingleSignOutHttpSessionListener - > Removing HttpSession: > HQCWL18XZBy20gB9qxjCQ5TmL2VGJBgHXqG2CQTBZM2lvlLTGfkN!-890672899!1155089760!1219869815452 > 154331 [[ACTIVE] ExecuteThread: '3' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.session.SingleSignOutFilter - Storing session > identifier for > QfgnL18MGLfYY9J5BmTnBxpCtrXxxXLhnRVTLQ4Zxv2nplGLgQjh!-890672899!1155089760!1219869868201 > 154332 [[ACTIVE] ExecuteThread: '3' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.validation.Cas20ServiceTicketValidator - Placing > URL parameters in map. > 154332 [[ACTIVE] ExecuteThread: '3' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.validation.Cas20ServiceTicketValidator - Calling > template URL attribute map. > 154332 [[ACTIVE] ExecuteThread: '3' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.validation.Cas20ServiceTicketValidator - Loading > custom parameters from configuration. > 154332 [[ACTIVE] ExecuteThread: '3' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.validation.Cas20ServiceTicketValidator - > Constructing validation url: > https://qualitynet-dev.sdps.org/QualityNetSecurity/serviceValidate?service=https%3A%2F%2Fqualitynet-dev.sdps.org%2Fnav%2Fj_spring_cas_security_check&ticket=ST-23-Rk6AwjgDmStR3uMujOiY-cas&; > 154332 [[ACTIVE] ExecuteThread: '3' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.validation.Cas20ServiceTicketValidator - > Retrieving response from server. > 154513 [[ACTIVE] ExecuteThread: '3' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.validation.Cas20ServiceTicketValidator - Server > response: <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> > <cas:authenticationSuccess> > <cas:user>slongdo</cas:user> > > > </cas:authenticationSuccess> > </cas:serviceResponse> > > 154538 [[ACTIVE] ExecuteThread: '3' for queue: > 'weblogic.kernel.Default (self-tuning)'] INFO > org.ifmc.qnet.security.QnetUserDetailsService - Using the following > URL for the Authorization Web Service authorization and authentication > information: > http://c2rbu25-app.sdps.org:4031/authws/services/AuthenticationService > 154538 [[ACTIVE] ExecuteThread: '3' for queue: > 'weblogic.kernel.Default (self-tuning)'] INFO > org.ifmc.qnet.security.QnetUserDetailsService - Retrieving > OARSPrincipal for username: slongdo > 154842 [[ACTIVE] ExecuteThread: '3' for queue: > 'weblogic.kernel.Default (self-tuning)'] INFO > org.ifmc.qnet.security.QnetUserDetailsService - Retrieving user roles > for username: slongdo > 155118 [[ACTIVE] ExecuteThread: '3' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.session.SingleSignOutFilter - Storing session > identifier for > QfgnL18MGLfYY9J5BmTnBxpCtrXxxXLhnRVTLQ4Zxv2nplGLgQjh!-890672899!1155089760!1219869868201 > > > I am really lost if you have any ideas I should try please let me know. > > Thanks > troy > _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
