On Wed, Aug 27, 2008 at 5:07 PM, Troy Bull <[EMAIL PROTECTED]> wrote:
> <snip /> > > I am talking about single sign out, if I go to server/cas/logout it in > fact does not log me out. I'm only going by what you write in your emails. You said you logged out of App 1 but it didn't log out you but it logged you out of App 2. That's pretty much impossible based on the way the protocol works. Maybe it was a typo or that I misunderstood, but again I'm only going by what looked like you said. > > > > There has been much strangeness going on with this and none of it is > good. I have been trying to track down what is going on. I can > reproduce the problem with just 1 app and cas. > > Log in > then go to > https://server/cas/logout > > then navigate back to the app and I am still logged in, I am however > logged out of cas at this time. Basically cas never makes the > connection with the SingleSignOutFilter. I am not sure why, it may be > that it makes the connection but somehow inside single sign out filter > it looses its way. After you logout is the logout callback always showing up in the server logs? Or just sometimes? Are the apps clustered? Or just CAS? If your applications are clustered and you haven't backed the SingleSignOutFilter with something besides the default then the mappings won't show up on the other machines. Also I would make sure that the CAS servers have no restrictions on whether they can call back or not. Also, what method are you using to cluster the CAS servers? -Scott > > > i have turned on tracing in my app and am going over the log now here > is a bit of it: > > 71037 [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default > (self-tuning)'] DEBUG org.jasig.cas.client.session.SingleSignOutFilter > - Storing session identifier for > > sQydL18psB1sX6vh3Ww1dGvlVrcTmlZhJSyzC90KsHy0vJTPskQd!1155089760!-890672899!1219869790283 > <Aug 27, 2008 3:43:56 PM CDT> <Info> <Health> <BEA-310002> <79% of the > total memory in the server is free> > 179526 [[ACTIVE] ExecuteThread: '2' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.session.SingleSignOutFilter - Logout > request=[<samlp:LogoutRequest > xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" > ID="LR-12-Ku7eDedl50lFHRA1cW6GCg1trepnrjWhOZy" Version="2.0" > IssueInstant="2008-08-27T15:44:58Z"><saml:NameID > xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@ > </saml:NameID><samlp:SessionIndex>ST-25-99h91t0cuMFJdcMEHSsC-cas</samlp:SessionIndex></samlp:LogoutRequest>] > 264867 [[ACTIVE] ExecuteThread: '2' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.session.SingleSignOutFilter - Storing session > identifier for > BJbVL19QwtZ03p6Rcn9GQQySknn1SMYzvjvSQlp62LvhmQjGQRHn!1155089760!-890672899!1219869984114 > 264946 [[ACTIVE] ExecuteThread: '2' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.session.SingleSignOutFilter - Storing session > identifier for > BJbVL19QwtZ03p6Rcn9GQQySknn1SMYzvjvSQlp62LvhmQjGQRHn!1155089760!-890672899!1219869984114 > 264948 [[ACTIVE] ExecuteThread: '2' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.validation.Cas20ServiceTicketValidator - Placing > URL parameters in map. > 264949 [[ACTIVE] ExecuteThread: '2' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.validation.Cas20ServiceTicketValidator - Calling > template URL attribute map. > 264949 [[ACTIVE] ExecuteThread: '2' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.validation.Cas20ServiceTicketValidator - Loading > custom parameters from configuration. > 264949 [[ACTIVE] ExecuteThread: '2' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.validation.Cas20ServiceTicketValidator - > Constructing validation url: > > https://qualitynet-dev.sdps.org/QualityNetSecurity/serviceValidate?service=https%3A%2F%2Fqualitynet-dev.sdps.org%2Fnav%2Fj_spring_cas_security_check&ticket=ST-26-sG3fM1ueVFEQRE73eqta-cas&; > 264949 [[ACTIVE] ExecuteThread: '2' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.validation.Cas20ServiceTicketValidator - > Retrieving response from server. > 265076 [[ACTIVE] ExecuteThread: '2' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.validation.Cas20ServiceTicketValidator - Server > response: <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> > <cas:authenticationSuccess> > <cas:user>slongdo</cas:user> > > > </cas:authenticationSuccess> > </cas:serviceResponse> > > 265092 [[ACTIVE] ExecuteThread: '2' for queue: > 'weblogic.kernel.Default (self-tuning)'] INFO > org.ifmc.qnet.security.QnetUserDetailsService - Using the following > URL for the Authorization Web Service authorization and authentication > information: > http://c2rbu25-app.sdps.org:4031/authws/services/AuthenticationService > 265107 [[ACTIVE] ExecuteThread: '2' for queue: > 'weblogic.kernel.Default (self-tuning)'] INFO > org.ifmc.qnet.security.QnetUserDetailsService - Retrieving > OARSPrincipal for username: slongdo > 266332 [[ACTIVE] ExecuteThread: '2' for queue: > 'weblogic.kernel.Default (self-tuning)'] INFO > org.ifmc.qnet.security.QnetUserDetailsService - Retrieving user roles > for username: slongdo > 266644 [[ACTIVE] ExecuteThread: '1' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.session.SingleSignOutFilter - Storing session > identifier for > BJbVL19QwtZ03p6Rcn9GQQySknn1SMYzvjvSQlp62LvhmQjGQRHn!1155089760!-890672899!1219869984114 > <Aug 27, 2008 3:46:26 PM CDT> <Info> <ServletContext-/nav> <000000> > <Initializing Spring FrameworkServlet 'nav'> > 266937 [[ACTIVE] ExecuteThread: '1' for queue: > 'weblogic.kernel.Default (self-tuning)'] INFO > org.springframework.web.servlet.DispatcherServlet - FrameworkServlet > 'nav': initialization started > 267043 [[ACTIVE] ExecuteThread: '1' for queue: > 'weblogic.kernel.Default (self-tuning)'] INFO > org.springframework.web.context.support.XmlWebApplicationContext - > Refreshing > [EMAIL PROTECTED]: > display name [WebApplicationContext for namespace 'nav-servlet']; > startup date [Wed Aug 27 15:46:26 CDT 2008]; parent: > [EMAIL PROTECTED] > 267055 [[ACTIVE] ExecuteThread: '1' for queue: > 'weblogic.kernel.Default (self-tuning)'] INFO > org.springframework.beans.factory.xml.XmlBeanDefinitionReader - > Loading XML bean definitions from ServletContext resource > [/WEB-INF/nav-servlet.xml] > 267893 [[ACTIVE] ExecuteThread: '1' for queue: > 'weblogic.kernel.Default (self-tuning)'] INFO > org.springframework.web.context.support.XmlWebApplicationContext - > Bean factory for application context > [EMAIL PROTECTED]: > [EMAIL PROTECTED] > 268259 [[ACTIVE] ExecuteThread: '1' for queue: > 'weblogic.kernel.Default (self-tuning)'] INFO > org.springframework.beans.factory.support.DefaultListableBeanFactory > - Pre-instantiating singletons in > [EMAIL PROTECTED] > : > defining beans > [pronetUserDS,navDao,sqlMap,viewResolver,messageSource,/myTasks.htm]; > parent: > [EMAIL PROTECTED] > 270937 [[ACTIVE] ExecuteThread: '1' for queue: > 'weblogic.kernel.Default (self-tuning)'] INFO > org.springframework.web.servlet.DispatcherServlet - FrameworkServlet > 'nav': initialization completed in 4000 ms > > > > I think that this case it "worked" I am searching trying to find a > case where it didn't work (in the logs) > > > Here is another time it shows up > > weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.session.SingleSignOutFilter - Logout > request=[<samlp:LogoutRequest > xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" > ID="LR-9-ZAFaKdhgKb9Lj94f4EDkMxbTKqbxbePPLM5" Version="2.0" > IssueInstant="2008-08-27T15:44:11Z"><saml:NameID > xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@ > </saml:NameID><samlp:SessionIndex>ST-22-sY5XljFcE3BxgfRjGYJv-cas</samlp:SessionIndex></samlp:LogoutRequest>] > 130740 [[ACTIVE] ExecuteThread: '3' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.session.SingleSignOutFilter - Invalidating > session > [HQCWL18XZBy20gB9qxjCQ5TmL2VGJBgHXqG2CQTBZM2lvlLTGfkN!-890672899!1155089760!1219869815452] > for ST [ST-22-sY5XljFcE3BxgfRjGYJv-cas] > 130741 [[ACTIVE] ExecuteThread: '3' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.session.SingleSignOutHttpSessionListener - > Removing HttpSession: > > HQCWL18XZBy20gB9qxjCQ5TmL2VGJBgHXqG2CQTBZM2lvlLTGfkN!-890672899!1155089760!1219869815452 > 154331 [[ACTIVE] ExecuteThread: '3' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.session.SingleSignOutFilter - Storing session > identifier for > QfgnL18MGLfYY9J5BmTnBxpCtrXxxXLhnRVTLQ4Zxv2nplGLgQjh!-890672899!1155089760!1219869868201 > 154332 [[ACTIVE] ExecuteThread: '3' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.validation.Cas20ServiceTicketValidator - Placing > URL parameters in map. > 154332 [[ACTIVE] ExecuteThread: '3' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.validation.Cas20ServiceTicketValidator - Calling > template URL attribute map. > 154332 [[ACTIVE] ExecuteThread: '3' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.validation.Cas20ServiceTicketValidator - Loading > custom parameters from configuration. > 154332 [[ACTIVE] ExecuteThread: '3' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.validation.Cas20ServiceTicketValidator - > Constructing validation url: > > https://qualitynet-dev.sdps.org/QualityNetSecurity/serviceValidate?service=https%3A%2F%2Fqualitynet-dev.sdps.org%2Fnav%2Fj_spring_cas_security_check&ticket=ST-23-Rk6AwjgDmStR3uMujOiY-cas&; > 154332 [[ACTIVE] ExecuteThread: '3' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.validation.Cas20ServiceTicketValidator - > Retrieving response from server. > 154513 [[ACTIVE] ExecuteThread: '3' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.validation.Cas20ServiceTicketValidator - Server > response: <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> > <cas:authenticationSuccess> > <cas:user>slongdo</cas:user> > > > </cas:authenticationSuccess> > </cas:serviceResponse> > > 154538 [[ACTIVE] ExecuteThread: '3' for queue: > 'weblogic.kernel.Default (self-tuning)'] INFO > org.ifmc.qnet.security.QnetUserDetailsService - Using the following > URL for the Authorization Web Service authorization and authentication > information: > http://c2rbu25-app.sdps.org:4031/authws/services/AuthenticationService > 154538 [[ACTIVE] ExecuteThread: '3' for queue: > 'weblogic.kernel.Default (self-tuning)'] INFO > org.ifmc.qnet.security.QnetUserDetailsService - Retrieving > OARSPrincipal for username: slongdo > 154842 [[ACTIVE] ExecuteThread: '3' for queue: > 'weblogic.kernel.Default (self-tuning)'] INFO > org.ifmc.qnet.security.QnetUserDetailsService - Retrieving user roles > for username: slongdo > 155118 [[ACTIVE] ExecuteThread: '3' for queue: > 'weblogic.kernel.Default (self-tuning)'] DEBUG > org.jasig.cas.client.session.SingleSignOutFilter - Storing session > identifier for > QfgnL18MGLfYY9J5BmTnBxpCtrXxxXLhnRVTLQ4Zxv2nplGLgQjh!-890672899!1155089760!1219869868201 > > > I am really lost if you have any ideas I should try please let me know. > > Thanks > troy > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas >
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
