Re: [cas-user] Back Channel not called

2018-08-16 Thread Ramakrishna G
Thanks Ray for clarifying things.

Regards
Ramakrishna G

On Thu, Aug 16, 2018, 9:09 PM Ray Bon wrote:

> Ram,
>
> The back channel logout goes to the service, not the browser, so the
> service needs to end the user session. The user will only know the other
> tabs are logged out when they do a page refresh/request.
>
> Ray
>
> On Thu, 2018-08-16 at 20:53 +0530, Ramakrishna G wrote:
>
> Ray,
>
> I downgraded the cas version and it is working fine. Thanks for your help!!
>
> If I have opened the same service in multiple tabs of the same browser, can I
> send a backchannel request to all the opened tabs? Apart from checking from
> JavaScript every 5 seconds on the client side, do we have some mechanism in
> CAS which notifies all the services which are active?
>
> Thanks
> Ram
>
>
> On Thu, Aug 16, 2018 at 12:13 AM, Ray Bon wrote:
>
> Ram,
>
> I am currently on 5.2.2.
> logouturl should be publicly available. If using back channel, it is CAS
> that is calling and not user's browser so there is no session. With front
> channel, you could get away with it protected but if the session ended just
> as the redirect happened then you get the log in page when trying to log
> out, that would be weird.
>
> Ray
>
> On Wed, 2018-08-15 at 23:26 +0530, Ramakrishna G wrote:
>
> Ray,
>
> Which version of CAS are you using? I remember back channel was working
> fine when I was using CAS version 5.2.2
>
> Now when I updated to 5.3 it is not working.
>
> Should logouturl be part of protected CAS resource?
>
> On Wed, Aug 15, 2018, 10:24 PM Ray Bon wrote:
>
> Ram,
>
> Are you sure the request is not reaching? I checked my tomcat and it will
> show the logout POST in the access log but apache does not.
> The service id is abc.domain.com (where login happened), but the target
> logout is xyz.domain.com. Is this a typo? The only thing identifying the
> session to terminate is the ST. If it was sent to abc on login, then xyz
> will not know about it (unless you have some funky cross domain session
> sharing).
> Can you add some logging to logout.html?
> You can also add some data to the curl POST:
>
> message=<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
> ID="LR-3-yqsjo-tsMJUTvMmf-o4-D-EI" Version="2.0"
> IssueInstant="2018-08-15T09:31:59Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID>
> <samlp:SessionIndex>ST-1-wtDww85p-eauhK1Obnv28JuCVrM-tomt</samlp:SessionIndex></samlp:LogoutRequest>
>
> just change the ST value.
>
> Ray
>
> On Wed, 2018-08-15 at 21:37 +0530, Ramakrishna G wrote:
>
> Ray,
>
> I have tried all possible ways but my logoutUrl is not called.
>
> This is my log
>
>  https://abc.domain.com/, originalUrl=https://abc.domain.com/,
> artifactId=null, principal=cas, source=service, loggedOutAlready=false,
> format=XML, attributes={})] is [BACK_CHANNEL]>
> 2018-08-15 21:32:12,403 DEBUG
> [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -
>  [DefaultLogoutRequest(ticketId=ST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02,
> service=AbstractWebApplicationService(id=https://abc.domain.com/,
> originalUrl=https://abc.domain.com/, artifactId=null, principal=cas,
> source=service, loggedOutAlready=false, format=XML, attributes={}),
> status=NOT_ATTEMPTED, logoutUrl=https://xyz.domain.com/logout.html)]>
> 2018-08-15 21:32:12,404 DEBUG
> [org.apereo.cas.logout.SamlCompliantLogoutMessageCreator] -  logout message: [ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
> ID="LR-3--WXquGTKlwEFb7fwvKR-GkI1" Version="2.0"
> IssueInstant="2018-08-15T21:32:12Z"> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@
> ST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02]>
> 2018-08-15 21:32:12,405 DEBUG
> [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -
> https://abc.domain.com/] to [
> https://xyz.domain.com/logout.html]>
> 2018-08-15 21:32:12,406 DEBUG
> [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -
>  https://xyz.domain.com/logout.html,
> message=logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-3--WXquGTKlwEFb7fwvKR-GkI1%22+Version%3D%222.0%22+IssueInstant%3D%222018-08-15T21%3A32%3A12Z%22%3E%3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22%3E%40NOT_USED%40%3C%2Fsaml%3ANameID%3E%3Csamlp%3ASessionIndex%3EST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E,
> responseCode=0, asynchronous=true,
> contentType=application/x-www-form-urlencoded)]. Sending...>
> 2018-08-15 21:32:12,452 DEBUG [org.apereo.cas.util.http.SimpleHttpClient]
> -  https://xyz.domain.com/logout.html HTTP/1.1]>
> 2018-08-15 21:32:12,466 INFO [org.apereo.cas.logout.DefaultLogoutManager]
> - <[1] logout requests were processed>
> 2018-08-15 21:32:12,468 DEBUG
> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] -  decode
> [EncodedTicket(id=87a5d1181fbfe4f24bcfabf5119ad705c3ccbdb6a606ff691637b2d778174c8495a08f55b5f01ceca966934b3dea9dee0ae368114f68c3679c168fe56034b049)]>
> 2018-08-15 21:32:12,469 DEBUG
> [or

Re: [cas-user] Back Channel not called

2018-08-16 Thread Ray Bon
Ram,

The back channel logout goes to the service, not the browser, so the service 
needs to end the user session. The user will only know the other tabs are 
logged out when they do a page refresh/request.

Ray

On Thu, 2018-08-16 at 20:53 +0530, Ramakrishna G wrote:
Ray,

I downgraded the cas version and it is working fine. Thanks for your help!!

If I have opened the same service in multiple tabs of the same browser, can I
send a backchannel request to all the opened tabs? Apart from checking from
JavaScript every 5 seconds on the client side, do we have some mechanism in
CAS which notifies all the services which are active?

Thanks
Ram


On Thu, Aug 16, 2018 at 12:13 AM, Ray Bon <r...@uvic.ca> wrote:
Ram,

I am currently on 5.2.2.
logouturl should be publicly available. If using back channel, it is CAS that 
is calling and not user's browser so there is no session. With front channel, 
you could get away with it protected but if the session ended just as the 
redirect happened then you get the log in page when trying to log out, that 
would be weird.

Ray

On Wed, 2018-08-15 at 23:26 +0530, Ramakrishna G wrote:
Ray,

Which version of CAS are you using? I remember back channel was working fine 
when I was using CAS version 5.2.2

Now when I updated to 5.3 it is not working.

Should logouturl be part of protected CAS resource?

On Wed, Aug 15, 2018, 10:24 PM Ray Bon <r...@uvic.ca> wrote:
Ram,

Are you sure the request is not reaching? I checked my tomcat and it will show 
the logout POST in the access log but apache does not.
The service id is abc.domain.com (where login happened), 
but the target logout is xyz.domain.com. Is this a typo? 
The only thing identifying the session to terminate is the ST. If it was sent 
to abc on login, then xyz will not know about it (unless you have some funky 
cross domain session sharing).
Can you add some logging to logout.html?
You can also add some data to the curl POST:

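message=<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
ID="LR-3-yqsjo-tsMJUTvMmf-o4-D-EI" Version="2.0"
IssueInstant="2018-08-15T09:31:59Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID>
<samlp:SessionIndex>ST-1-wtDww85p-eauhK1Obnv28JuCVrM-tomt</samlp:SessionIndex></samlp:LogoutRequest>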

just change the ST value.

Ray

On Wed, 2018-08-15 at 21:37 +0530, Ramakrishna G wrote:
Ray,

I have tried all possible ways but my logoutUrl is not called.

This is my log

https://abc.domain.com/, 
originalUrl=https://abc.domain.com/, artifactId=null, principal=cas, 
source=service, loggedOutAlready=false, format=XML, attributes={})] is 
[BACK_CHANNEL]>
2018-08-15 21:32:12,403 DEBUG 
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - https://abc.domain.com/, 
originalUrl=https://abc.domain.com/, artifactId=null, principal=cas, 
source=service, loggedOutAlready=false, format=XML, attributes={}), 
status=NOT_ATTEMPTED, logoutUrl=https://xyz.domain.com/logout.html)]>
2018-08-15 21:32:12,404 DEBUG 
[org.apereo.cas.logout.SamlCompliantLogoutMessageCreator] - @NOT_USED@ST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02]>
2018-08-15 21:32:12,405 DEBUG 
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - https://abc.domain.com/] to 
[https://xyz.domain.com/logout.html]>
2018-08-15 21:32:12,406 DEBUG 
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - https://xyz.domain.com/logout.html, 
message=logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-3--WXquGTKlwEFb7fwvKR-GkI1%22+Version%3D%222.0%22+IssueInstant%3D%222018-08-15T21%3A32%3A12Z%22%3E%3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22%3E%40NOT_USED%40%3C%2Fsaml%3ANameID%3E%3Csamlp%3ASessionIndex%3EST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E,
 responseCode=0, asynchronous=true, 
contentType=application/x-www-form-urlencoded)]. Sending...>
2018-08-15 21:32:12,452 DEBUG [org.apereo.cas.util.http.SimpleHttpClient] - 
https://xyz.domain.com/logout.html 
HTTP/1.1]>
2018-08-15 21:32:12,466 INFO [org.apereo.cas.logout.DefaultLogoutManager] - 
<[1] logout requests were processed>
2018-08-15 21:32:12,468 DEBUG 
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - 
2018-08-15 21:32:12,469 DEBUG 
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - 
2018-08-15 21:32:12,470 DEBUG 
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - 
2018-08-15 21:32:12,471 DEBUG 
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - 
2018-08-15 21:32:12,472 DEBUG 
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - 
2018-08-15 21:32:12,473 DEBUG 
[org.apereo.cas.AbstractCentralAuthenticationService] - 
2018-08-15 21:32:12,474 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - https://xyz.domain.com/logout.html " from my 
cas server.


I don't see any log in my Apache though. I have also tried FRONT_CHANNEL but no 
luck.

Can you please check and help me in resolving this.

Thanks
Ram



On Mon, Aug 13, 2018 at 10:01 PM, Ray Bon <r...@uvic.ca> wrote:
Ramakrishna,

If you have not done so already, turn up debugg

Re: [cas-user] Back Channel not called

2018-08-16 Thread Ramakrishna G
Ray,

I downgraded the cas version and it is working fine. Thanks for your help!!

If I have opened the same service in multiple tabs of the same browser, can I
send a backchannel request to all the opened tabs? Apart from checking from
JavaScript every 5 seconds on the client side, do we have some mechanism in
CAS which notifies all the services which are active?

Thanks
Ram


On Thu, Aug 16, 2018 at 12:13 AM, Ray Bon wrote:

> Ram,
>
> I am currently on 5.2.2.
> logouturl should be publicly available. If using back channel, it is CAS
> that is calling and not user's browser so there is no session. With front
> channel, you could get away with it protected but if the session ended just
> as the redirect happened then you get the log in page when trying to log
> out, that would be weird.
>
> Ray
>
> On Wed, 2018-08-15 at 23:26 +0530, Ramakrishna G wrote:
>
> Ray,
>
> Which version of CAS are you using? I remember back channel was working
> fine when I was using CAS version 5.2.2
>
> Now when I updated to 5.3 it is not working.
>
> Should logouturl be part of protected CAS resource?
>
> On Wed, Aug 15, 2018, 10:24 PM Ray Bon wrote:
>
> Ram,
>
> Are you sure the request is not reaching? I checked my tomcat and it will
> show the logout POST in the access log but apache does not.
> The service id is abc.domain.com (where login happened), but the target
> logout is xyz.domain.com. Is this a typo? The only thing identifying the
> session to terminate is the ST. If it was sent to abc on login, then xyz
> will not know about it (unless you have some funky cross domain session
> sharing).
> Can you add some logging to logout.html?
> You can also add some data to the curl POST:
>
> message=<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
> ID="LR-3-yqsjo-tsMJUTvMmf-o4-D-EI" Version="2.0"
> IssueInstant="2018-08-15T09:31:59Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID>
> <samlp:SessionIndex>ST-1-wtDww85p-eauhK1Obnv28JuCVrM-tomt</samlp:SessionIndex></samlp:LogoutRequest>
>
> just change the ST value.
>
> Ray
>
> On Wed, 2018-08-15 at 21:37 +0530, Ramakrishna G wrote:
>
> Ray,
>
> I have tried all possible ways but my logoutUrl is not called.
>
> This is my log
>
>  https://abc.domain.com/, originalUrl=https://abc.domain.com/,
> artifactId=null, principal=cas, source=service, loggedOutAlready=false,
> format=XML, attributes={})] is [BACK_CHANNEL]>
> 2018-08-15 21:32:12,403 DEBUG [org.apereo.cas.logout.Default
> SingleLogoutServiceMessageHandler] -  request based on [DefaultLogoutRequest(ticketId
> =ST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02,
> service=AbstractWebApplicationService(id=https://abc.domain.com/,
> originalUrl=https://abc.domain.com/, artifactId=null, principal=cas,
> source=service, loggedOutAlready=false, format=XML, attributes={}),
> status=NOT_ATTEMPTED, logoutUrl=https://xyz.domain.com/logout.html)]>
> 2018-08-15 21:32:12,404 DEBUG 
> [org.apereo.cas.logout.SamlCompliantLogoutMessageCreator]
> -  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
> ID="LR-3--WXquGTKlwEFb7fwvKR-GkI1" Version="2.0"
> IssueInstant="2018-08-15T21:32:12Z"> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED
> @ST-3-9xOj3CM8bFolCEXzTk6p
> JaeSE1oSSLDCTRSSO02]>
> 2018-08-15 21:32:12,405 DEBUG [org.apereo.cas.logout.Default
> SingleLogoutServiceMessageHandler] -  https://abc.domain.com/] to [https://xyz.domain.com/logout.html]>
> 2018-08-15 21:32:12,406 DEBUG [org.apereo.cas.logout.Default
> SingleLogoutServiceMessageHandler] -  [HttpMessage(url=https://xyz.domain.com/logout.html,
> message=logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp
> %3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%
> 22+ID%3D%22LR-3--WXquGTKlwEFb7fwvKR-GkI1%22+Version%3D%222.
> 0%22+IssueInstant%3D%222018-08-15T21%3A32%3A12Z%22%3E%
> 3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%
> 3ASAML%3A2.0%3Aassertion%22%3E%40NOT_USED%40%3C%2Fsaml%3ANam
> eID%3E%3Csamlp%3ASessionIndex%3EST-3-9xOj3CM8bFolCEXzTk6pJae
> SE1oSSLDCTRSSO02%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E,
> responseCode=0, asynchronous=true, 
> contentType=application/x-www-form-urlencoded)].
> Sending...>
> 2018-08-15 21:32:12,452 DEBUG [org.apereo.cas.util.http.SimpleHttpClient]
> - https://xyz.domain.com/logout.
> html HTTP/1.1]>
> 2018-08-15 21:32:12,466 INFO [org.apereo.cas.logout.DefaultLogoutManager]
> - <[1] logout requests were processed>
> 2018-08-15 21:32:12,468 DEBUG 
> [org.apereo.cas.ticket.registry.AbstractTicketRegistry]
> -  e4f24bcfabf5119ad705c3ccbdb6a606ff691637b2d778174c8495a08f55
> b5f01ceca966934b3dea9dee0ae368114f68c3679c168fe56034b049)]>
> 2018-08-15 21:32:12,469 DEBUG 
> [org.apereo.cas.ticket.registry.AbstractTicketRegistry]
> -  vU110DAhlXFSbKfDq87EW1yk8F7s6-8nhHLwwbBoOPbUSSLDCTRSSO02]>
> 2018-08-15 21:32:12,470 DEBUG 
> [org.apereo.cas.ticket.registry.AbstractTicketRegistry]
> -  vU110DAhlXFSbKfDq87EW1yk8F7s6-8nhHLwwbBoOPbUSSLDCTRSSO02] from the
> registry.>
> 2018-08-15 21:32:12,471 DEBUG 
> [org.apereo.cas.ticket.registry.AbstractTicketRegistry]
> - 
> 2018-

Re: [cas-user] Back Channel not called

2018-08-15 Thread Ray Bon
Ram,

I am currently on 5.2.2.
logouturl should be publicly available. If using back channel, it is CAS that 
is calling and not user's browser so there is no session. With front channel, 
you could get away with it protected but if the session ended just as the 
redirect happened then you get the log in page when trying to log out, that 
would be weird.

Ray

On Wed, 2018-08-15 at 23:26 +0530, Ramakrishna G wrote:
Ray,

Which version of CAS are you using? I remember back channel was working fine 
when I was using CAS version 5.2.2

Now when I updated to 5.3 it is not working.

Should logouturl be part of protected CAS resource?

On Wed, Aug 15, 2018, 10:24 PM Ray Bon <r...@uvic.ca> wrote:
Ram,

Are you sure the request is not reaching? I checked my tomcat and it will show 
the logout POST in the access log but apache does not.
The service id is abc.domain.com (where login happened), 
but the target logout is xyz.domain.com. Is this a typo? 
The only thing identifying the session to terminate is the ST. If it was sent 
to abc on login, then xyz will not know about it (unless you have some funky 
cross domain session sharing).
Can you add some logging to logout.html?
You can also add some data to the curl POST:

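message=<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
ID="LR-3-yqsjo-tsMJUTvMmf-o4-D-EI" Version="2.0"
IssueInstant="2018-08-15T09:31:59Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID>
<samlp:SessionIndex>ST-1-wtDww85p-eauhK1Obnv28JuCVrM-tomt</samlp:SessionIndex></samlp:LogoutRequest>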

just change the ST value.

Ray

On Wed, 2018-08-15 at 21:37 +0530, Ramakrishna G wrote:
Ray,

I have tried all possible ways but my logoutUrl is not called.

This is my log

https://abc.domain.com/, 
originalUrl=https://abc.domain.com/, artifactId=null, principal=cas, 
source=service, loggedOutAlready=false, format=XML, attributes={})] is 
[BACK_CHANNEL]>
2018-08-15 21:32:12,403 DEBUG 
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - https://abc.domain.com/, 
originalUrl=https://abc.domain.com/, artifactId=null, principal=cas, 
source=service, loggedOutAlready=false, format=XML, attributes={}), 
status=NOT_ATTEMPTED, logoutUrl=https://xyz.domain.com/logout.html)]>
2018-08-15 21:32:12,404 DEBUG 
[org.apereo.cas.logout.SamlCompliantLogoutMessageCreator] - @NOT_USED@ST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02]>
2018-08-15 21:32:12,405 DEBUG 
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - https://abc.domain.com/] to 
[https://xyz.domain.com/logout.html]>
2018-08-15 21:32:12,406 DEBUG 
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - https://xyz.domain.com/logout.html, 
message=logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-3--WXquGTKlwEFb7fwvKR-GkI1%22+Version%3D%222.0%22+IssueInstant%3D%222018-08-15T21%3A32%3A12Z%22%3E%3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22%3E%40NOT_USED%40%3C%2Fsaml%3ANameID%3E%3Csamlp%3ASessionIndex%3EST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E,
 responseCode=0, asynchronous=true, 
contentType=application/x-www-form-urlencoded)]. Sending...>
2018-08-15 21:32:12,452 DEBUG [org.apereo.cas.util.http.SimpleHttpClient] - 
https://xyz.domain.com/logout.html 
HTTP/1.1]>
2018-08-15 21:32:12,466 INFO [org.apereo.cas.logout.DefaultLogoutManager] - 
<[1] logout requests were processed>
2018-08-15 21:32:12,468 DEBUG 
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - 
2018-08-15 21:32:12,469 DEBUG 
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - 
2018-08-15 21:32:12,470 DEBUG 
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - 
2018-08-15 21:32:12,471 DEBUG 
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - 
2018-08-15 21:32:12,472 DEBUG 
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - 
2018-08-15 21:32:12,473 DEBUG 
[org.apereo.cas.AbstractCentralAuthenticationService] - 
2018-08-15 21:32:12,474 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - https://xyz.domain.com/logout.html " from my 
cas server.


I don't see any log in my Apache though. I have also tried FRONT_CHANNEL but no 
luck.

Can you please check and help me in resolving this.

Thanks
Ram



On Mon, Aug 13, 2018 at 10:01 PM, Ray Bon <r...@uvic.ca> wrote:
Ramakrishna,

If you have not done so already, turn up debugging on CAS and client to see if 
there is any hint. You may have to dig into network communications.
Can you curl a post to:
curl -X POST https://domain/logout.html

Ray

On Mon, 2018-08-13 at 16:57 +0530, Ramakrishna G wrote:
Ray,

I tried even with domain name. No luck!!






On Fri, Aug 10, 2018 at 10:58 PM, Ray Bon <r...@uvic.ca> wrote:
Try with the name instead of ip.

Ray

On Fri, 2018-08-10 at 22:18 +0530, Ramakrishna G wrote:
I am using wild card certificate. Certificate is installed in both the machine. 
I don't have domains created for CAS servers. I am accessing via IP. Would that 
be the reason? Is it necessary to communicate with CAS servers with domain name?

On Fri, Aug 10, 2018, 1

Re: [cas-user] Back Channel not called

2018-08-15 Thread Ramakrishna G
Ray,

Which version of CAS are you using? I remember back channel was working
fine when I was using CAS version 5.2.2

Now when I updated to 5.3 it is not working.

Should logouturl be part of protected CAS resource?

On Wed, Aug 15, 2018, 10:24 PM Ray Bon wrote:

> Ram,
>
> Are you sure the request is not reaching? I checked my tomcat and it will
> show the logout POST in the access log but apache does not.
> The service id is abc.domain.com (where login happened), but the target
> logout is xyz.domain.com. Is this a typo? The only thing identifying the
> session to terminate is the ST. If it was sent to abc on login, then xyz
> will not know about it (unless you have some funky cross domain session
> sharing).
> Can you add some logging to logout.html?
> You can also add some data to the curl POST:
>
> message=<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
> ID="LR-3-yqsjo-tsMJUTvMmf-o4-D-EI" Version="2.0"
> IssueInstant="2018-08-15T09:31:59Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID>
> <samlp:SessionIndex>ST-1-wtDww85p-eauhK1Obnv28JuCVrM-tomt</samlp:SessionIndex></samlp:LogoutRequest>
>
> just change the ST value.
>
> Ray
>
> On Wed, 2018-08-15 at 21:37 +0530, Ramakrishna G wrote:
>
> Ray,
>
> I have tried all possible ways but my logoutUrl is not called.
>
> This is my log
>
>  https://abc.domain.com/, originalUrl=https://abc.domain.com/,
> artifactId=null, principal=cas, source=service, loggedOutAlready=false,
> format=XML, attributes={})] is [BACK_CHANNEL]>
> 2018-08-15 21:32:12,403 DEBUG
> [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -
>  [DefaultLogoutRequest(ticketId=ST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02,
> service=AbstractWebApplicationService(id=https://abc.domain.com/,
> originalUrl=https://abc.domain.com/, artifactId=null, principal=cas,
> source=service, loggedOutAlready=false, format=XML, attributes={}),
> status=NOT_ATTEMPTED, logoutUrl=https://xyz.domain.com/logout.html)]>
> 2018-08-15 21:32:12,404 DEBUG
> [org.apereo.cas.logout.SamlCompliantLogoutMessageCreator] -  logout message: [ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
> ID="LR-3--WXquGTKlwEFb7fwvKR-GkI1" Version="2.0"
> IssueInstant="2018-08-15T21:32:12Z"> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@
> ST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02]>
> 2018-08-15 21:32:12,405 DEBUG
> [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -
> https://abc.domain.com/] to [
> https://xyz.domain.com/logout.html]>
> 2018-08-15 21:32:12,406 DEBUG
> [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -
>  https://xyz.domain.com/logout.html,
> message=logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-3--WXquGTKlwEFb7fwvKR-GkI1%22+Version%3D%222.0%22+IssueInstant%3D%222018-08-15T21%3A32%3A12Z%22%3E%3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22%3E%40NOT_USED%40%3C%2Fsaml%3ANameID%3E%3Csamlp%3ASessionIndex%3EST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E,
> responseCode=0, asynchronous=true,
> contentType=application/x-www-form-urlencoded)]. Sending...>
> 2018-08-15 21:32:12,452 DEBUG [org.apereo.cas.util.http.SimpleHttpClient]
> -  https://xyz.domain.com/logout.html HTTP/1.1]>
> 2018-08-15 21:32:12,466 INFO [org.apereo.cas.logout.DefaultLogoutManager]
> - <[1] logout requests were processed>
> 2018-08-15 21:32:12,468 DEBUG
> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] -  decode
> [EncodedTicket(id=87a5d1181fbfe4f24bcfabf5119ad705c3ccbdb6a606ff691637b2d778174c8495a08f55b5f01ceca966934b3dea9dee0ae368114f68c3679c168fe56034b049)]>
> 2018-08-15 21:32:12,469 DEBUG
> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] -  to
> [TGT-3-aFjeNpK6frLv2VrXoSrbbsuvU110DAhlXFSbKfDq87EW1yk8F7s6-8nhHLwwbBoOPbUSSLDCTRSSO02]>
> 2018-08-15 21:32:12,470 DEBUG
> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] -  children of ticket
> [TGT-3-aFjeNpK6frLv2VrXoSrbbsuvU110DAhlXFSbKfDq87EW1yk8F7s6-8nhHLwwbBoOPbUSSLDCTRSSO02]
> from the registry.>
> 2018-08-15 21:32:12,471 DEBUG
> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] -  [ST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02]>
> 2018-08-15 21:32:12,472 DEBUG
> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] -  [TGT-3-aFjeNpK6frLv2VrXoSrbbsuvU110DAhlXFSbKfDq87EW1yk8F7s6-8nhHLwwbBoOPbUSSLDCTRSSO02]
> from the registry.>
> 2018-08-15 21:32:12,473 DEBUG
> [org.apereo.cas.AbstractCentralAuthenticationService] -  [CasTicketGrantingTicketDestroyedEvent(ticketGrantingTicket=TGT-3-aFjeNpK6frLv2VrXoSrbbsuvU110DAhlXFSbKfDq87EW1yk8F7s6-8nhHLwwbBoOPbUSSLDCTRSSO02)]>
> 2018-08-15 21:32:12,474 INFO
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN
> =
> WHO: cas
> WHAT:
> TGT-3-aFjeNpK6frLv2VrXoSrbbsuvU110DAhlXFSbKfDq87EW1yk8F7s6-8nhHLwwbBoOPbUSSLDCTRSSO02
> ACTION: TICKET_GRANTING_TICKET_DESTRO

Re: [cas-user] Back Channel not called

2018-08-15 Thread Ray Bon
Ram,

Are you sure the request is not reaching? I checked my tomcat and it will show 
the logout POST in the access log but apache does not.
The service id is abc.domain.com (where login happened), but the target logout 
is xyz.domain.com. Is this a typo? The only thing identifying the session to 
terminate is the ST. If it was sent to abc on login, then xyz will not know 
about it (unless you have some funky cross domain session sharing).
Can you add some logging to logout.html?
You can also add some data to the curl POST:

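message=<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
ID="LR-3-yqsjo-tsMJUTvMmf-o4-D-EI" Version="2.0"
IssueInstant="2018-08-15T09:31:59Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID>
<samlp:SessionIndex>ST-1-wtDww85p-eauhK1Obnv28JuCVrM-tomt</samlp:SessionIndex></samlp:LogoutRequest>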

just change the ST value.

Ray

On Wed, 2018-08-15 at 21:37 +0530, Ramakrishna G wrote:
Ray,

I have tried all possible ways but my logoutUrl is not called.

This is my log

https://abc.domain.com/, 
originalUrl=https://abc.domain.com/, artifactId=null, principal=cas, 
source=service, loggedOutAlready=false, format=XML, attributes={})] is 
[BACK_CHANNEL]>
2018-08-15 21:32:12,403 DEBUG 
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - https://abc.domain.com/, 
originalUrl=https://abc.domain.com/, artifactId=null, principal=cas, 
source=service, loggedOutAlready=false, format=XML, attributes={}), 
status=NOT_ATTEMPTED, logoutUrl=https://xyz.domain.com/logout.html)]>
2018-08-15 21:32:12,404 DEBUG 
[org.apereo.cas.logout.SamlCompliantLogoutMessageCreator] - @NOT_USED@ST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02]>
2018-08-15 21:32:12,405 DEBUG 
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - https://abc.domain.com/] to 
[https://xyz.domain.com/logout.html]>
2018-08-15 21:32:12,406 DEBUG 
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - https://xyz.domain.com/logout.html, 
message=logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-3--WXquGTKlwEFb7fwvKR-GkI1%22+Version%3D%222.0%22+IssueInstant%3D%222018-08-15T21%3A32%3A12Z%22%3E%3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22%3E%40NOT_USED%40%3C%2Fsaml%3ANameID%3E%3Csamlp%3ASessionIndex%3EST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E,
 responseCode=0, asynchronous=true, 
contentType=application/x-www-form-urlencoded)]. Sending...>
2018-08-15 21:32:12,452 DEBUG [org.apereo.cas.util.http.SimpleHttpClient] - 
https://xyz.domain.com/logout.html 
HTTP/1.1]>
2018-08-15 21:32:12,466 INFO [org.apereo.cas.logout.DefaultLogoutManager] - 
<[1] logout requests were processed>
2018-08-15 21:32:12,468 DEBUG 
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - 
2018-08-15 21:32:12,469 DEBUG 
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - 
2018-08-15 21:32:12,470 DEBUG 
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - 
2018-08-15 21:32:12,471 DEBUG 
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - 
2018-08-15 21:32:12,472 DEBUG 
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - 
2018-08-15 21:32:12,473 DEBUG 
[org.apereo.cas.AbstractCentralAuthenticationService] - 
2018-08-15 21:32:12,474 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - https://xyz.domain.com/logout.html " from my 
cas server.


I don't see any log in my Apache though. I have also tried FRONT_CHANNEL but no 
luck.

Can you please check and help me in resolving this.

Thanks
Ram



On Mon, Aug 13, 2018 at 10:01 PM, Ray Bon <r...@uvic.ca> wrote:
Ramakrishna,

If you have not done so already, turn up debugging on CAS and client to see if 
there is any hint. You may have to dig into network communications.
Can you curl a post to:
curl -X POST https://domain/logout.html

Ray

On Mon, 2018-08-13 at 16:57 +0530, Ramakrishna G wrote:
Ray,

I tried even with domain name. No luck!!






On Fri, Aug 10, 2018 at 10:58 PM, Ray Bon <r...@uvic.ca> wrote:
Try with the name instead of ip.

Ray

On Fri, 2018-08-10 at 22:18 +0530, Ramakrishna G wrote:
I am using wild card certificate. Certificate is installed in both the machine. 
I don't have domains created for CAS servers. I am accessing via IP. Would that 
be the reason? Is it necessary to communicate with CAS servers with domain name?

On Fri, Aug 10, 2018, 10:00 PM Ray Bon <r...@uvic.ca> wrote:
Ramakrishna,

This looks like a problem with certificates or network. If the certificate for 
webserverip is self signed, you have to add it to java keystore for CAS servers 
(use keytool). I know less about network issues.

Ray

On Fri, 2018-08-10 at 12:12 +0530, Ramakrishna G wrote:
Hello all,

I am using mod_auth_cas as cas client and ha cas servers. In service I have 
defined

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(https)://.*",
  "name" : "wildcard",
  "id" : 1,
  "logoutType" : "BACK_CHANNEL",
  "logoutUrl" : "https://webserverip/logout.html"
}

The logoutUrl is never called but logs says:

Preparing to send logout request to   https://webserverip/
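
Added example, not part of the thread and not CAS or mod_auth_cas code: how a service's logout endpoint can handle the back-channel POST Ray describes, using the form body from the CAS debug log above as input. It also shows his abc/xyz point, that a host which never saw the ST has no session to end. SessionStore and the function names are hypothetical, and answering 200 for an unknown ticket is an assumption of this example.

```python
"""Service-side handling of a CAS back-channel logout POST (added example)."""
import secrets
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

# Form body as it appears in the CAS debug log quoted in this thread.
LOGGED_BODY = (
    "logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames"
    "%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-3--WXquGTKlwEFb7fwvKR-GkI1%22"
    "+Version%3D%222.0%22+IssueInstant%3D%222018-08-15T21%3A32%3A12Z%22%3E"
    "%3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0"
    "%3Aassertion%22%3E%40NOT_USED%40%3C%2Fsaml%3ANameID%3E"
    "%3Csamlp%3ASessionIndex%3EST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02"
    "%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E"
)
LOGGED_ST = "ST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02"


class LogoutRequestError(ValueError):
    """The POST body is not a usable logout request."""


def extract_session_index(form_body):
    """Return the service ticket carried in <samlp:SessionIndex>."""
    values = parse_qs(form_body).get("logoutRequest")
    if not values or len(values) != 1:
        raise LogoutRequestError("expected exactly one logoutRequest parameter")
    xml_text = values[0]
    # The endpoint is reachable without a session, so the body is untrusted:
    # refuse DTDs and entity declarations before handing it to the XML parser.
    upper = xml_text.upper()
    if "<!DOCTYPE" in upper or "<!ENTITY" in upper:
        raise LogoutRequestError("DTD or entity declaration not allowed")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise LogoutRequestError("malformed XML") from exc
    if root.tag != "{%s}LogoutRequest" % SAMLP_NS:
        raise LogoutRequestError("root element is not samlp:LogoutRequest")
    node = root.find("{%s}SessionIndex" % SAMLP_NS)
    if node is None or not (node.text or "").strip():
        raise LogoutRequestError("missing SessionIndex")
    return node.text.strip()


class SessionStore:
    """Hypothetical per-host session table, indexed by the ST seen at login."""

    def __init__(self):
        self._session_by_ticket = {}
        self._users = {}

    def login(self, service_ticket, user):
        """Record a session created after validating service_ticket."""
        session_id = secrets.token_hex(16)
        self._session_by_ticket[service_ticket] = session_id
        self._users[session_id] = user
        return session_id

    def is_active(self, session_id):
        return session_id in self._users

    def end_by_ticket(self, service_ticket):
        """End the session tied to service_ticket; False if there is none."""
        session_id = self._session_by_ticket.pop(service_ticket, None)
        if session_id is None:
            return False
        self._users.pop(session_id, None)
        return True


def handle_back_channel_logout(store, form_body):
    """Return (http_status, outcome) for one logout POST."""
    try:
        ticket = extract_session_index(form_body)
    except LogoutRequestError as exc:
        return 400, "rejected: %s" % exc
    if store.end_by_ticket(ticket):
        return 200, "session ended"
    # Same status either way, so the endpoint does not reveal which STs exist.
    return 200, "no session for this ticket"


if __name__ == "__main__":
    abc = SessionStore()   # host that received the ST at login
    xyz = SessionStore()   # host that only appears as logoutUrl
    sid = abc.login(LOGGED_ST, "cas")
    print("abc:", handle_back_channel_logout(abc, LOGGED_BODY), abc.is_active(sid))
    print("xyz:", handle_back_channel_logout(xyz, LOGGED_BODY))
    print("empty body:", handle_back_channel_logout(abc, ""))
```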

Re: [cas-user] Back Channel not called

2018-08-15 Thread Ramakrishna G
Ray,

I have tried all possible ways but my logoutUrl is not called.

This is my log

https://abc.domain.com/, originalUrl=https://abc.domain.com/,
artifactId=null, principal=cas, source=service, loggedOutAlready=false,
format=XML, attributes={})] is [BACK_CHANNEL]>
2018-08-15 21:32:12,403 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -
https://abc.domain.com/,
originalUrl=https://abc.domain.com/, artifactId=null, principal=cas,
source=service, loggedOutAlready=false, format=XML, attributes={}),
status=NOT_ATTEMPTED, logoutUrl=https://xyz.domain.com/logout.html)]>
2018-08-15 21:32:12,404 DEBUG
[org.apereo.cas.logout.SamlCompliantLogoutMessageCreator] - @NOT_USED@
ST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02]>
2018-08-15 21:32:12,405 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -
https://abc.domain.com/] to [
https://xyz.domain.com/logout.html]>
2018-08-15 21:32:12,406 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -
https://xyz.domain.com/logout.html,
message=logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-3--WXquGTKlwEFb7fwvKR-GkI1%22+Version%3D%222.0%22+IssueInstant%3D%222018-08-15T21%3A32%3A12Z%22%3E%3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22%3E%40NOT_USED%40%3C%2Fsaml%3ANameID%3E%3Csamlp%3ASessionIndex%3EST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E,
responseCode=0, asynchronous=true,
contentType=application/x-www-form-urlencoded)]. Sending...>
2018-08-15 21:32:12,452 DEBUG [org.apereo.cas.util.http.SimpleHttpClient] -
https://xyz.domain.com/logout.html
HTTP/1.1]>
2018-08-15 21:32:12,466 INFO [org.apereo.cas.logout.DefaultLogoutManager] -
<[1] logout requests were processed>
2018-08-15 21:32:12,468 DEBUG
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - 
2018-08-15 21:32:12,469 DEBUG
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - 
2018-08-15 21:32:12,470 DEBUG
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - 
2018-08-15 21:32:12,471 DEBUG
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - 
2018-08-15 21:32:12,472 DEBUG
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - 
2018-08-15 21:32:12,473 DEBUG
[org.apereo.cas.AbstractCentralAuthenticationService] - 
2018-08-15 21:32:12,474 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - https://xyz.domain.com/logout.html " from
my cas server.


I don't see any log in my Apache though. I have also tried FRONT_CHANNEL
but no luck.

Can you please check and help me in resolving this.

Thanks
Ram



On Mon, Aug 13, 2018 at 10:01 PM, Ray Bon  wrote:

> Ramakrishna,
>
> If you have not done so already, turn up debugging on CAS and client to
> see if there is any hint. You may have to dig into network communications.
> Can you curl a post to:
> curl -X POST https://domain/logout.html
>
> Ray
>
> On Mon, 2018-08-13 at 16:57 +0530, Ramakrishna G wrote:
>
> Ray,
>
> I tried even with domain name. No luck!!
>
>
>
>
>
>
> On Fri, Aug 10, 2018 at 10:58 PM, Ray Bon  wrote:
>
> Try with the name instead of ip.
>
> Ray
>
> On Fri, 2018-08-10 at 22:18 +0530, Ramakrishna G wrote:
>
> I am using wild card certificate. Certificate is installed in both the
> machine. I don't have domains created for CAS servers. I am accessing via
> IP. Would that be the reason? Is it necessary to communicate with CAS
> servers with domain name?
>
> On Fri, Aug 10, 2018, 10:00 PM Ray Bon  wrote:
>
> Ramakrishna,
>
> This looks like a problem with certificates or network. If the certificate
> for webserverip is self signed, you have to add it to java keystore for CAS
> servers (use keytool). I know less about network issues.
>
> Ray
>
> On Fri, 2018-08-10 at 12:12 +0530, Ramakrishna G wrote:
>
> Hello all,
>
> I am using mod_auth_cas as cas client and ha cas servers. In service I
> have defined
>
> {
>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId" : "^(https)://.*",
>   "name" : "wildcard",
>   "id" : 1,
>   "logoutType" : "BACK_CHANNEL",
>   "logoutUrl" : "https://webserverip/logout.html"
> }
>
> The logoutUrl is never called but logs say:
>
> Preparing to send logout request to   https://webserverip/logout.html
> Prepared to send logout request to   https://webserverip/logout.html
> [1] logout requests were processed
>
> But never logout.html is called. I don't know what is the mistake I am
> doing.
>
> Can anyone help please.
>
> Thanks
>
>
>
> --
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | r...@uvic.ca
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubs
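
The form body shown in the `message=` field of the DEBUG log in the message above, decoded the way a receiving service has to decode it before it can end a session. This is an added example, not code from CAS or mod_auth_cas; the function names, the size limit and the two session tables are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
MAX_BODY = 8192  # assumption: refuse bodies far larger than a logout request

# Form body copied from the "message=" field of the DEBUG log line in this thread.
LOGGED_BODY = (
    "logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames"
    "%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-3--WXquGTKlwEFb7fwvKR-GkI1%22"
    "+Version%3D%222.0%22+IssueInstant%3D%222018-08-15T21%3A32%3A12Z%22%3E"
    "%3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0"
    "%3Aassertion%22%3E%40NOT_USED%40%3C%2Fsaml%3ANameID%3E"
    "%3Csamlp%3ASessionIndex%3EST-3-9xOj3CM8bFolCEXzTk6pJaeSE1oSSLDCTRSSO02"
    "%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E"
)


def session_index(body: str) -> str:
    """Return the service ticket named by a CAS back-channel logout POST body."""
    if len(body) > MAX_BODY:
        raise ValueError("logout body too large")
    values = parse_qs(body).get("logoutRequest", [])
    if len(values) != 1:
        raise ValueError("expected exactly one logoutRequest parameter")
    xml = values[0]
    # Plain ElementTree expands internal entities, so refuse any DTD up front.
    if re.search(r"<!(DOCTYPE|ENTITY)", xml, re.IGNORECASE):
        raise ValueError("DTD not allowed in logout request")
    root = ET.fromstring(xml)
    if root.tag != f"{{{SAMLP}}}LogoutRequest":
        raise ValueError("not a samlp:LogoutRequest")
    node = root.find(f"{{{SAMLP}}}SessionIndex")
    ticket = (node.text or "").strip() if node is not None else ""
    if not re.fullmatch(r"ST-[A-Za-z0-9._-]{1,256}", ticket):
        raise ValueError("missing or malformed SessionIndex")
    return ticket


def handle_logout(body: str, sessions: dict) -> bool:
    """End the local session created from that ticket; False if it is unknown here."""
    return sessions.pop(session_index(body), None) is not None


if __name__ == "__main__":
    ticket = session_index(LOGGED_BODY)
    # Constructed session tables: abc received the ticket at login, xyz never did.
    abc_sessions = {ticket: "cas"}
    xyz_sessions = {}
    print("ticket:", ticket)
    print("xyz ends a session:", handle_logout(LOGGED_BODY, xyz_sessions))
    print("abc ends a session:", handle_logout(LOGGED_BODY, abc_sessions))
```

The only session identifier in the request is the service ticket, so a host that never validated that ticket has nothing to terminate even when the POST arrives.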

Re: [cas-user] Back Channel not called

2018-08-13 Thread Ray Bon
Ramakrishna,

If you have not done so already, turn up debugging on CAS and client to see if 
there is any hint. You may have to dig into network communications.
Can you curl a post to:
curl -X POST https://domain/logout.html

Ray

On Mon, 2018-08-13 at 16:57 +0530, Ramakrishna G wrote:
Ray,

I tried even with domain name. No luck!!






On Fri, Aug 10, 2018 at 10:58 PM, Ray Bon wrote:
Try with the name instead of ip.

Ray

On Fri, 2018-08-10 at 22:18 +0530, Ramakrishna G wrote:
I am using wild card certificate. Certificate is installed in both the machine. 
I don't have domains created for CAS servers. I am accessing via IP. Would that 
be the reason? Is it necessary to communicate with CAS servers with domain name?

On Fri, Aug 10, 2018, 10:00 PM Ray Bon wrote:
Ramakrishna,

This looks like a problem with certificates or network. If the certificate for 
webserverip is self signed, you have to add it to java keystore for CAS servers 
(use keytool). I know less about network issues.

Ray

On Fri, 2018-08-10 at 12:12 +0530, Ramakrishna G wrote:
Hello all,

I am using mod_auth_cas as cas client and ha cas servers. In service I have 
defined

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(https)://.*",
  "name" : "wildcard",
  "id" : 1,
  "logoutType" : "BACK_CHANNEL",
  "logoutUrl" : "https://webserverip/logout.html"
}

The logoutUrl is never called but logs say:

Preparing to send logout request to   https://webserverip/logout.html
Prepared to send logout request to   https://webserverip/logout.html
[1] logout requests were processed

But never logout.html is called. I don't know what is the mistake I am doing.

Can anyone help please.

Thanks




--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca



--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca




--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca



Re: [cas-user] Back Channel not called

2018-08-13 Thread Ramakrishna G
Ray,

I tried even with domain name. No luck!!






On Fri, Aug 10, 2018 at 10:58 PM, Ray Bon  wrote:

> Try with the name instead of ip.
>
> Ray
>
> On Fri, 2018-08-10 at 22:18 +0530, Ramakrishna G wrote:
>
> I am using wild card certificate. Certificate is installed in both the
> machine. I don't have domains created for CAS servers. I am accessing via
> IP. Would that be the reason? Is it necessary to communicate with CAS
> servers with domain name?
>
> On Fri, Aug 10, 2018, 10:00 PM Ray Bon  wrote:
>
> Ramakrishna,
>
> This looks like a problem with certificates or network. If the certificate
> for webserverip is self signed, you have to add it to java keystore for CAS
> servers (use keytool). I know less about network issues.
>
> Ray
>
> On Fri, 2018-08-10 at 12:12 +0530, Ramakrishna G wrote:
>
> Hello all,
>
> I am using mod_auth_cas as cas client and ha cas servers. In service I
> have defined
>
> {
>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId" : "^(https)://.*",
>   "name" : "wildcard",
>   "id" : 1,
>   "logoutType" : "BACK_CHANNEL",
>   "logoutUrl" : "https://webserverip/logout.html"
> }
>
> The logoutUrl is never called but logs say:
>
> Preparing to send logout request to   https://webserverip/logout.html
> Prepared to send logout request to   https://webserverip/logout.html
> [1] logout requests were processed
>
> But never logout.html is called. I don't know what is the mistake I am
> doing.
>
> Can anyone help please.
>
> Thanks
>
>
>
> --
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | r...@uvic.ca
>
>
> --
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | r...@uvic.ca
>
>



Re: [cas-user] Back Channel not called

2018-08-10 Thread Ray Bon
Try with the name instead of ip.

Ray

On Fri, 2018-08-10 at 22:18 +0530, Ramakrishna G wrote:
I am using wild card certificate. Certificate is installed in both the machine. 
I don't have domains created for CAS servers. I am accessing via IP. Would that 
be the reason? Is it necessary to communicate with CAS servers with domain name?

On Fri, Aug 10, 2018, 10:00 PM Ray Bon wrote:
Ramakrishna,

This looks like a problem with certificates or network. If the certificate for 
webserverip is self signed, you have to add it to java keystore for CAS servers 
(use keytool). I know less about network issues.

Ray

On Fri, 2018-08-10 at 12:12 +0530, Ramakrishna G wrote:
Hello all,

I am using mod_auth_cas as cas client and ha cas servers. In service I have 
defined

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(https)://.*",
  "name" : "wildcard",
  "id" : 1,
  "logoutType" : "BACK_CHANNEL",
  "logoutUrl" : "https://webserverip/logout.html"
}

The logoutUrl is never called but logs say:

Preparing to send logout request to   https://webserverip/logout.html
Prepared to send logout request to   https://webserverip/logout.html
[1] logout requests were processed

But never logout.html is called. I don't know what is the mistake I am doing.

Can anyone help please.

Thanks




--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca



--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

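
Background to the exchange above about reaching the servers by IP while using a wildcard certificate: under the hostname-matching rules of RFC 2818 and RFC 6125, a wildcard dNSName entry never covers an IP-literal URL. This is an added sketch of those rules, not CAS or Java code; the function names are hypothetical and 192.0.2.10 is a constructed documentation address.

```python
import ipaddress
from urllib.parse import urlsplit


def _is_ip(host: str) -> bool:
    """True when the URL host is an IPv4/IPv6 literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def dns_name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' may only stand for the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # Conservative choice in this sketch: require two fixed labels after '*'.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_covers(url: str, dns_sans=(), ip_sans=()) -> bool:
    """Would a certificate with these subjectAltName entries match the URL's host?"""
    host = urlsplit(url).hostname or ""
    if _is_ip(host):
        # IP literals are compared with iPAddress entries only, never dNSName.
        want = ipaddress.ip_address(host)
        return any(ipaddress.ip_address(i) == want for i in ip_sans)
    return any(dns_name_matches(p, host) for p in dns_sans)


if __name__ == "__main__":
    wildcard = ["*.domain.com"]
    for url in ("https://xyz.domain.com/logout.html",
                "https://192.0.2.10/logout.html",
                "https://a.b.domain.com/logout.html"):
        print(url, cert_covers(url, dns_sans=wildcard))
```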


Re: [cas-user] Back Channel not called

2018-08-10 Thread Ramakrishna G
I am using wild card certificate. Certificate is installed in both the
machine. I don't have domains created for CAS servers. I am accessing via
IP. Would that be the reason? Is it necessary to communicate with CAS
servers with domain name?

On Fri, Aug 10, 2018, 10:00 PM Ray Bon  wrote:

> Ramakrishna,
>
> This looks like a problem with certificates or network. If the certificate
> for webserverip is self signed, you have to add it to java keystore for CAS
> servers (use keytool). I know less about network issues.
>
> Ray
>
> On Fri, 2018-08-10 at 12:12 +0530, Ramakrishna G wrote:
>
> Hello all,
>
> I am using mod_auth_cas as cas client and ha cas servers. In service I
> have defined
>
> {
>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId" : "^(https)://.*",
>   "name" : "wildcard",
>   "id" : 1,
>   "logoutType" : "BACK_CHANNEL",
>   "logoutUrl" : "https://webserverip/logout.html"
> }
>
> The logoutUrl is never called but logs say:
>
> Preparing to send logout request to   https://webserverip/logout.html
> Prepared to send logout request to   https://webserverip/logout.html
> [1] logout requests were processed
>
> But never logout.html is called. I don't know what is the mistake I am
> doing.
>
> Can anyone help please.
>
> Thanks
>
>
>
> --
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | r...@uvic.ca
>
>



Re: [cas-user] Back Channel not called

2018-08-10 Thread Ray Bon
Ramakrishna,

This looks like a problem with certificates or network. If the certificate for 
webserverip is self signed, you have to add it to java keystore for CAS servers 
(use keytool). I know less about network issues.

Ray

On Fri, 2018-08-10 at 12:12 +0530, Ramakrishna G wrote:
Hello all,

I am using mod_auth_cas as cas client and ha cas servers. In service I have 
defined

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(https)://.*",
  "name" : "wildcard",
  "id" : 1,
  "logoutType" : "BACK_CHANNEL",
  "logoutUrl" : "https://webserverip/logout.html"
}

The logoutUrl is never called but logs say:

Preparing to send logout request to   https://webserverip/logout.html
Prepared to send logout request to   https://webserverip/logout.html
[1] logout requests were processed

But never logout.html is called. I don't know what is the mistake I am doing.

Can anyone help please.

Thanks




--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca



[cas-user] Back Channel not called

2018-08-09 Thread Ramakrishna G
Hello all,

I am using mod_auth_cas as cas client and ha cas servers. In service I have
defined

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(https)://.*",
  "name" : "wildcard",
  "id" : 1,
  "logoutType" : "BACK_CHANNEL",
  "logoutUrl" : "https://webserverip/logout.html"
}

The logoutUrl is never called but logs say:

Preparing to send logout request to   https://webserverip/logout.html
Prepared to send logout request to   https://webserverip/logout.html
[1] logout requests were processed

But never logout.html is called. I don't know what is the mistake I am
doing.

Can anyone help please.

Thanks
