Thanks Andy, much appreciated.

-----Original Message-----
From: Andrew Morgan [mailto:mor...@orst.edu] 
Sent: Monday, October 05, 2015 2:33 PM
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] cas 3.5.2 catalina logs

On Sat, 3 Oct 2015, Chris Cheltenham wrote:

> Andy,
>
> Actually I have figured out the certificate issue.
>
> Thanks
>
> I have noticed each CAS session creates two tickets.
> One is on tomcat on the CAS server; that one gets destroyed.
> There is another on /tmp/cas apache server which is a different box with 
> mod_auth_cas.
>
> That apache session file / ticket does not go away unless you manually delete 
> it.
>
> However, reading the docs it appears the ticket service is working as 
> advertised.
>
> Our client is asking for a way to delete the ticket in /tmp/cas as well.
> That is my issue ultimately.
>
> I thought it was because of the certificate error it could not redirect the
> logout back to the web server.
> However, fixing my cert error did not completely fix my problem.
>
> There must be another function to delete that session in /tmp/cas but 
> I cannot figure out what it is in the docs. Maybe it is SLO,

Correct.  The CAS client maintains its own session after the initial 
authentication.  According to the mod_auth_cas README:

* CAS single sign out is currently not functional and disabled.  It
   is only safe to use in the case where all requests are GET and not
   POST (the module inadvertently 'eats' some content of the POST
   request while determining if it should process it as a SAML logout
   request).


The docs for the SLO option:

Directive:      CASSSOEnabled
Default:        Off
Description:    If enabled, this activates support for Single Sign Out within the CAS
                protocol.  Please note that this feature is currently experimental and
                may mangle POST data.


So, you might be able to use SLO with mod_auth_cas if your application does not 
use POST requests.  Otherwise, perhaps a different CAS client could be used, 
such as the PHP or Java client.

        Andy

--
You are currently subscribed to cas-user@lists.jasig.org as: 
cchelten...@swaintechs.com To unsubscribe, change settings or access archives, 
see http://www.ja-sig.org/wiki/display/JSG/cas-user
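
What a CAS client has to do when the server's single sign-out POST arrives, and why it must look inside POST bodies to do it, shown as an added example that is not part of the original thread and is not mod_auth_cas code. The hashed-file session store, the accepted ticket character set and all function names are assumptions; the sample ticket and messages are constructed.

```python
import hashlib
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path
from urllib.parse import parse_qs, urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
TICKET_RE = re.compile(r"^ST-[A-Za-z0-9.\-]{1,250}$")  # assumed ticket charset

def session_path(store, ticket):
    # Hypothetical layout: file name is a hash, never the raw ticket text.
    return Path(store) / hashlib.sha256(ticket.encode()).hexdigest()

def ticket_from_logout(body):
    """Return the service ticket named in a logoutRequest POST body, else None."""
    values = parse_qs(body.decode("utf-8", "replace")).get("logoutRequest")
    if not values:
        return None  # ordinary application POST: not ours to process
    xml = values[0]
    if "<!DOCTYPE" in xml or "<!ENTITY" in xml:
        return None  # refuse DTDs and entity declarations before parsing
    try:
        root = ET.fromstring(xml)
    except ET.ParseError:
        return None
    if root.tag != f"{{{SAMLP}}}LogoutRequest":
        return None
    ticket = (root.findtext(f"{{{SAMLP}}}SessionIndex") or "").strip()
    return ticket if TICKET_RE.match(ticket) else None

def handle_post(store, body):
    """Delete the local session a logout POST refers to; True if one was removed."""
    ticket = ticket_from_logout(body)
    path = session_path(store, ticket) if ticket else None
    if path is None or not path.exists():
        return False
    path.unlink()
    return True

def demo():
    # Constructed sample: one cached session plus the logout POST naming its ticket.
    store = tempfile.mkdtemp(prefix="cas-demo-")
    ticket = "ST-1-constructedExampleTicket-cas01"
    session_path(store, ticket).write_text("user=alice")
    msg = (f'<samlp:LogoutRequest xmlns:samlp="{SAMLP}" ID="LR-1" Version="2.0">'
           f"<samlp:SessionIndex>{ticket}</samlp:SessionIndex></samlp:LogoutRequest>")
    removed = handle_post(store, urlencode({"logoutRequest": msg}).encode())
    ignored = handle_post(store, b"comment=hello&id=7")
    return removed, ignored, [p.name for p in Path(store).iterdir()]
```

The handler works on a copy of the body bytes, so an application POST that is not a logout request is returned as `False` with its content untouched.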
