Hello, I have encountered issue with SSO for SAML 1.1 clients with CAS 5.2
I am rather new cas user and probably i am missing something obvious.
I am using folowing phpCAS client:
<?php
require_once 'phpcas/source/CAS.php';
// Enable debugging
phpCAS::setDebug('phpCAS.log');
// Enable verbose error messages. Disable in production!
phpCAS::setVerbose(true);
// Initialize phpCAS
$cas_host = 'cas-1.uek.krakow.pl';
// Context of the CAS Server
$cas_context = '/cas';
// Port of your CAS server. Normally for a https server it's 443
$cas_port = 443;
phpCAS::client(SAML_VERSION_1_1, $cas_host, $cas_port, $cas_context);
// For production use set the CA certificate that is the issuer of the cert
// on the CAS server and uncomment the line below
// phpCAS::setCasServerCACert($cas_server_ca_cert_path);
// For quick testing you can disable SSL validation of the CAS server.
// THIS SETTING IS NOT RECOMMENDED FOR PRODUCTION.
// VALIDATING THE CAS SERVER IS CRUCIAL TO THE SECURITY OF THE CAS PROTOCOL!
phpCAS::setNoCasServerValidation();
// force CAS authentication
$cas_real_hosts = array('cas-1.uek.krakow.pl');
phpCAS::handleLogoutRequests(true, $cas_real_hosts);
phpCAS::forceAuthentication();
// at this step, the user has been authenticated by the CAS server
// and the user's login name can be read with phpCAS::getUser().
// logout if desired
// logout if desired
if (isset($_REQUEST['logout'])) {
phpCAS::logout();
}
?>
<html>
<head>
<title>Advanced SAML 1.1 example</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
</head>
<body>
<h2>Advanced SAML 1.1 example</h2>
<?php require 'script_info.php' ?>
Authentication succeeded for user
<strong><?php echo phpCAS::getUser(); ?></strong>.
User has attributes
<strong><?php if(phpCAS::hasAttributes()){
echo 'true';
}
else {
echo 'false';
}
?></strong>.
<h3>User Attributes</h3>
<ul>
<?php
foreach (phpCAS::getAttributes() as $key => $value) {
if (is_array($value)) {
echo '<li>', $key, ':<ol>';
foreach ($value as $item) {
echo '<li><strong>', $item, '</strong></li>';
}
echo '</ol></li>';
} else {
echo '<li>', $key, ': <strong>', $value, '</strong></li>' .
PHP_EOL;
}
}
?>
</ul>
<p><a href="?logout=">Logout</a></p>
</body>
</html>
Single sign in works like expected. If I have several CAS clients, when I
log in to one of them, I am authenticated in all, like expected.
But Single Logout completely doesn't work for me. When I log out using CAS
logout endpoint "{cas-server}/cas/logout" i receive message that I am
logged out from CAS and I can see in SSO manager that CAS Session is
terminated.
But all application sessions are still alive, I am allowed not only to
navigate client pages but also close\open tabs and I am still logged in.
I have tried to configure service with client application with both
"BACK_CHANNEL" and "FRONT_CHANNEL" logoutType with no luck.
1. If I use BACK_CHANNEL.
Thats how service definition looks like:
{
"@class" : "org.jasig.cas.services.RegexRegisteredService",
"serviceId" : "https://cas-client.ssl.stub/";,
"name" : "example_simple_citest",
"id" : 7,
"logoutType" : "BACK_CHANNEL",
"attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
"allowedAttributes" : {
"@class" : "java.util.TreeMap",
"uid" : "user_id",
"sn" : "surname"
}
}
}
When I log out using "{cas-server}/cas/logout" endpoint CAS server log
looks like this: back.txt (see attachment)
phpCAS.log doesn't log anything in this case. And application session still
lives untill I close browser.
2. If I use FRONT_CHANNEL.
Thats how service definition looks like:
{
"@class" : "org.jasig.cas.services.RegexRegisteredService",
"serviceId" : "https://cas-client.ssl.stub/";,
"name" : "example_simple_citest",
"id" : 7,
"logoutType" : "FRONT_CHANNEL",
"attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
"allowedAttributes" : {
"@class" : "java.util.TreeMap",
"uid" : "user_id",
"sn" : "surname"
}
}
}
When I log out using "{cas-server}/cas/logout" endpoint CAS server log
looks like this: front.txt (see attachment)
And I see following message upon logout on endpoint page:
<https://lh3.googleusercontent.com/-UTWr5C0Ljuw/Wt3mgxz_NeI/AAAAAAAAAKM/PPlxChw1Gwk--HOokjLhoOO5DUzk7zV2gCLcBGAs/s1600/fronLogout.png>
W
Which tells me that logout notification has been sent.
At the same time, when endpoint logout happens, phpCAS.log logs following
message.
D0EE .START (2018-04-23 15:37:16) phpCAS-1.3.5 ******************
[CAS.php:468]
D0EE .=> phpCAS::client('S1', 'cas-1.server.test.pl', 443, '/cas')
[index.php:13]
D0EE .| => CAS_Client::__construct('S1', false, 'cas-1.server.test.pl',
443, '/cas', true) [CAS.php:360]
D0EE .| | Starting a new session
ST-26-6Ad0C8OCIF5n-1zWgmiE8HZdw-E-v-cas-1 [Client.php:932]
D0EE .| | Session is authenticated as: babanin [Client.php:936]
D0EE .| <= ''
D0EE .<= ''
D0EE .=> phpCAS::setNoCasServerValidation() [index.php:20]
D0EE .| You have configured no validation of the legitimacy of the cas
server. This is not recommended for production use. [CAS.php:1644]
D0EE .<= ''
D0EE .=> CAS_Client::handleLogoutRequests(true, array ( 0 =>
'cas-1.server.test.pl',)) [CAS.php:1276]
D0EE .| Not a logout request [Client.php:1739]
D0EE .<= ''
D0EE .=> phpCAS::forceAuthentication() [index.php:27]
D0EE .| => CAS_Client::forceAuthentication() [CAS.php:1098]
D0EE .| | => CAS_Client::isAuthenticated() [Client.php:1280]
D0EE .| | | => CAS_Client::_wasPreviouslyAuthenticated()
[Client.php:1393]
D0EE .| | | | user = `babanin' [Client.php:1622]
D0EE .| | | <= true
D0EE .| | | user was already authenticated, no need to look for
tickets [Client.php:1417]
D0EE .| | <= true
D0EE .| | no need to authenticate [Client.php:1282]
D0EE .| <= true
D0EE .<= ''
This message looks exactly like regular login message, but it appers when
tab with application is closed and at the exact time when CAS sends logout
notification.
It seems like client receives FRONT_CHANNEL connection from server but
fails to recognise it as logout request.
So, summarising:
Logging out from cas using both endpoint and casified applications causes
CAS to terminate SSO session but fails to terminate application sessions.
As a client I am using example code from phpCAS documentation.
Please help me to solve this issue, or, atlease get understanding of it.
Thank you very much for attention,
Viacheslav Babanin
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/33b216d7-1947-4ffd-8bc7-51f307b6bd3a%40apereo.org.
2018-04-23 15:23:32,691 DEBUG [org.apereo.cas.util.EncodingUtils] - <Decrypting
value...>
2018-04-23 15:23:32,692 DEBUG
[org.apereo.cas.web.support.DefaultCasCookieValueManager] - <Decoded cookie
value is
[TGT-**********RuLcakHGX5-MX5OTAr8--Df8De6d5D759ZpjbxO2TSvsR3Y7iBmjZ4G4pzQH9eBk-v-cas-1@10.20.2.31@Mozilla/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/65.0.3325.181 Safari/537.36]>
2018-04-23 15:23:32,692 DEBUG
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] - <Creating
new transaction with name
[org.apereo.cas.ticket.registry.DefaultTicketRegistrySupport.getAuthenticatedPrincipalFrom]:
PROPAGATION_REQUIRED,ISOLATION_DEFAULT; 'ticketTransactionManager'>
2018-04-23 15:23:32,693 DEBUG
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] - <Initiating
transaction commit>
2018-04-23 15:23:32,768 DEBUG [org.apereo.cas.util.EncodingUtils] - <Decrypting
value...>
2018-04-23 15:23:32,769 DEBUG
[org.apereo.cas.web.support.DefaultCasCookieValueManager] - <Decoded cookie
value is
[TGT-**********RuLcakHGX5-MX5OTAr8--Df8De6d5D759ZpjbxO2TSvsR3Y7iBmjZ4G4pzQH9eBk-v-cas-1@10.20.2.31@Mozilla/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/65.0.3325.181 Safari/537.36]>
2018-04-23 15:23:32,770 DEBUG
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] - <Creating
new transaction with name
[org.apereo.cas.DefaultCentralAuthenticationService.destroyTicketGrantingTicket]:
PROPAGATION_REQUIRED,ISOLATION_DEFAULT; 'ticketTransactionManager'>
2018-04-23 15:23:32,771 DEBUG
[org.apereo.cas.DefaultCentralAuthenticationService] - <Removing ticket
[TGT-**********RuLcakHGX5-MX5OTAr8--Df8De6d5D759ZpjbxO2TSvsR3Y7iBmjZ4G4pzQH9eBk-v-cas-1]
from registry...>
2018-04-23 15:23:32,772 DEBUG
[org.apereo.cas.DefaultCentralAuthenticationService] - <Ticket found.
Processing logout requests and then deleting the ticket...>
2018-04-23 15:23:32,772 INFO [org.apereo.cas.logout.DefaultLogoutManager] -
<Performing logout operations for
[TGT-**********RuLcakHGX5-MX5OTAr8--Df8De6d5D759ZpjbxO2TSvsR3Y7iBmjZ4G4pzQH9eBk-v-cas-1]>
2018-04-23 15:23:32,773 DEBUG [org.apereo.cas.logout.DefaultLogoutManager] -
<Handling single logout callback for
[org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@17ea73da[id=https://cas-client.ssl.stub/,originalUrl=https://cas-client.ssl.stub/,artifactId=<null>,principal=babanin,loggedOutAlready=false,format=XML]]>
2018-04-23 15:23:32,774 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Processing
logout request for service
[org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@17ea73da[id=https://cas-client.ssl.stub/,originalUrl=https://cas-client.ssl.stub/,artifactId=<null>,principal=babanin,loggedOutAlready=false,format=XML]]...>
2018-04-23 15:23:32,775 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Service
[org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@17ea73da[id=https://cas-client.ssl.stub/,originalUrl=https://cas-client.ssl.stub/,artifactId=<null>,principal=babanin,loggedOutAlready=false,format=XML]]
supports single logout and is found in the registry as
[id=7,name=example_simple_citest,description=<null>,serviceId=https://cas-client.ssl.stub/,usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@d,theme=<null>,evaluationOrder=0,logoutType=BACK_CHANNEL,attributeReleasePolicy=org.apereo.cas.services.ReturnMappedAttributeReleasePolicy@1b4bd65b[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@726f6b76[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseAuthenticationAttributes=true,authorizedToReleaseProxyGrantingTicket=false,excludeDefaultAttributes=false,principalIdAttribute=<null>,consentPolicy=org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy@4d2a201f[excludedAttributes=<null>,includeOnlyAttributes=<null>,enabled=true],allowedAttributes={PESEL=saml_pesel,
nazwisko=saml_nazwisko}],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@32846207[enabled=true,ssoEnabled=true,requireAllAttributes=true,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@45cc49d,logo=<null>,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@77388302[multifactorAuthenticationProviders=[],failureMode=NOT_SET,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,bypassEnabled=false],informationUrl=<null>,privacyUrl=<null>,contacts=[],expirationPolicy=org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy@7e857248[deleteWhenExpired=false,notifyWhenDeleted=false,expirationDate=<null>],<null>].
Proceeding...>
2018-04-23 15:23:32,776 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceLogoutUrlBuilder] - <Logout
request will be sent to [https://cas-client.ssl.stub/] for service
[org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@17ea73da[id=https://cas-client.ssl.stub/,originalUrl=https://cas-client.ssl.stub/,artifactId=<null>,principal=babanin,loggedOutAlready=false,format=XML]]>
2018-04-23 15:23:32,800 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Prepared
logout url [https://cas-client.ssl.stub/] for service
[org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@17ea73da[id=https://cas-client.ssl.stub/,originalUrl=https://cas-client.ssl.stub/,artifactId=<null>,principal=babanin,loggedOutAlready=false,format=XML]]>
2018-04-23 15:23:32,801 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Creating
logout request for
[org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@17ea73da[id=https://cas-client.ssl.stub/,originalUrl=https://cas-client.ssl.stub/,artifactId=<null>,principal=babanin,loggedOutAlready=false,format=XML]]
and ticket id [ST-25-XpL5R-SW1UL2ZZYIDjzZGTNYexo-v-cas-1]>
2018-04-23 15:23:32,802 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Logout
request
[org.apereo.cas.logout.DefaultLogoutRequest@1da7e2e1[ticketId=ST-25-XpL5R-SW1UL2ZZYIDjzZGTNYexo-v-cas-1,service=org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@17ea73da[id=https://cas-client.ssl.stub/,originalUrl=https://cas-client.ssl.stub/,artifactId=<null>,principal=babanin,loggedOutAlready=false,format=XML],status=NOT_ATTEMPTED]]
created for
[org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@17ea73da[id=https://cas-client.ssl.stub/,originalUrl=https://cas-client.ssl.stub/,artifactId=<null>,principal=babanin,loggedOutAlready=false,format=XML]]
and ticket id [ST-25-XpL5R-SW1UL2ZZYIDjzZGTNYexo-v-cas-1]>
2018-04-23 15:23:32,803 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Logout type
registered for
[org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@17ea73da[id=https://cas-client.ssl.stub/,originalUrl=https://cas-client.ssl.stub/,artifactId=<null>,principal=babanin,loggedOutAlready=false,format=XML]]
is [BACK_CHANNEL]>
2018-04-23 15:23:32,803 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Creating
back-channel logout request based on
[org.apereo.cas.logout.DefaultLogoutRequest@1da7e2e1[ticketId=ST-25-XpL5R-SW1UL2ZZYIDjzZGTNYexo-v-cas-1,service=org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@17ea73da[id=https://cas-client.ssl.stub/,originalUrl=https://cas-client.ssl.stub/,artifactId=<null>,principal=babanin,loggedOutAlready=false,format=XML],status=NOT_ATTEMPTED]]>
2018-04-23 15:23:32,805 DEBUG
[org.apereo.cas.logout.SamlCompliantLogoutMessageCreator] - <Generated logout
message: [<samlp:LogoutRequest
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
ID="LR-25--bTNueppbwIe2O0NtwZ3YnhB" Version="2.0"
IssueInstant="2018-04-23T15:23:32Z"><saml:NameID
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-25-XpL5R-SW1UL2ZZYIDjzZGTNYexo-v-cas-1</samlp:SessionIndex></samlp:LogoutRequest>]>
2018-04-23 15:23:32,805 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Preparing
logout request for [https://cas-client.ssl.stub/] to
[https://cas-client.ssl.stub/]>
2018-04-23 15:23:32,806 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Prepared
logout message to send is
[org.apereo.cas.logout.LogoutHttpMessage@6267c69b[url=https://cas-client.ssl.stub/,message=<samlp:LogoutRequest
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
ID="LR-25--bTNueppbwIe2O0NtwZ3YnhB" Version="2.0"
IssueInstant="2018-04-23T15:23:32Z"><saml:NameID
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-25-XpL5R-SW1UL2ZZYIDjzZGTNYexo-v-cas-1</samlp:SessionIndex></samlp:LogoutRequest>,asynchronous=true,contentType=application/x-www-form-urlencoded,responseCode=0]].
Sending...>
2018-04-23 15:23:32,821 DEBUG [org.apereo.cas.util.http.SimpleHttpClient] -
<Created HTTP post message payload [POST https://cas-client.ssl.stub/ HTTP/1.1]>
2018-04-23 15:23:32,828 INFO [org.apereo.cas.logout.DefaultLogoutManager] -
<[1] logout requests were processed>
2018-04-23 15:23:32,829 DEBUG
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing children of
ticket
[TGT-**********RuLcakHGX5-MX5OTAr8--Df8De6d5D759ZpjbxO2TSvsR3Y7iBmjZ4G4pzQH9eBk-v-cas-1]
from the registry.>
2018-04-23 15:23:32,829 DEBUG
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Unable to remove
ticket [ST-25-XpL5R-SW1UL2ZZYIDjzZGTNYexo-v-cas-1]>
2018-04-23 15:23:32,830 DEBUG
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing ticket
[TGT-**********RuLcakHGX5-MX5OTAr8--Df8De6d5D759ZpjbxO2TSvsR3Y7iBmjZ4G4pzQH9eBk-v-cas-1]
from the registry.>
2018-04-23 15:23:32,831 DEBUG
[org.apereo.cas.AbstractCentralAuthenticationService] - <Publishing
[org.apereo.cas.support.events.ticket.CasTicketGrantingTicketDestroyedEvent@7c481e08[ticketGrantingTicket=TGT-**********RuLcakHGX5-MX5OTAr8--Df8De6d5D759ZpjbxO2TSvsR3Y7iBmjZ4G4pzQH9eBk-v-cas-1]]>
2018-04-23 15:23:32,832 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
trail record BEGIN
=============================================================
WHO: babanin
WHAT:
TGT-**********RuLcakHGX5-MX5OTAr8--Df8De6d5D759ZpjbxO2TSvsR3Y7iBmjZ4G4pzQH9eBk-v-cas-1
ACTION: TICKET_GRANTING_TICKET_DESTROYED
APPLICATION: CAS
WHEN: Mon Apr 23 15:23:32 CEST 2018
CLIENT IP ADDRESS: 10.20.2.31
SERVER IP ADDRESS: 10.20.2.60
=============================================================
>
2018-04-23 15:23:32,849 DEBUG
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] - <Initiating
transaction commit>
2018-04-23 15:23:32,850 DEBUG
[org.apereo.cas.web.support.TGCCookieRetrievingCookieGenerator] - <Removed
cookie with name [TGC]>
2018-04-23 15:23:32,851 DEBUG
[org.apereo.cas.web.WarningCookieRetrievingCookieGenerator] - <Removed cookie
with name [CASPRIVACY]>
2018-04-23 15:23:32,853 DEBUG
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve
theme via [CookieThemeResolver]>
2018-04-23 15:23:32,853 DEBUG
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve
theme via [SessionThemeResolver]>
2018-04-23 15:23:32,854 DEBUG
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve
theme via [RequestHeaderThemeResolver]>
2018-04-23 15:23:32,854 DEBUG
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve
theme via [ServiceThemeResolver]>
2018-04-23 15:23:32,855 DEBUG
[org.apereo.cas.services.web.ServiceThemeResolver] - <No service is found in
the request context. Falling back to the default theme [cas-theme-default]>
2018-04-23 15:23:32,855 DEBUG
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve
theme via [FixedThemeResolver]>
2018-04-23 15:23:32,856 DEBUG
[org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could
be found. Using default theme [cas-theme-default}>
2018-04-23 15:23:32,875 DEBUG
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve
theme via [CookieThemeResolver]>
2018-04-23 15:23:32,876 DEBUG
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve
theme via [SessionThemeResolver]>
2018-04-23 15:23:32,876 DEBUG
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve
theme via [RequestHeaderThemeResolver]>
2018-04-23 15:23:32,877 DEBUG
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve
theme via [ServiceThemeResolver]>
2018-04-23 15:23:32,877 DEBUG
[org.apereo.cas.services.web.ServiceThemeResolver] - <No service is found in
the request context. Falling back to the default theme [cas-theme-default]>
2018-04-23 15:23:32,877 DEBUG
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve
theme via [FixedThemeResolver]>
2018-04-23 15:23:32,878 DEBUG
[org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could
be found. Using default theme [cas-theme-default}>
2018-04-23 15:37:15,872 DEBUG [org.apereo.cas.util.EncodingUtils] - <Decrypting
value...>
2018-04-23 15:37:15,872 DEBUG
[org.apereo.cas.web.support.DefaultCasCookieValueManager] - <Decoded cookie
value is
[TGT-*GT-23-RY1q-loMIiruWFcsn8fFFWw-I6xi9iUP1l7uOdaIWYgah9XG8FScLg9DHfleC-lkKfw-v-cas-1@10.20.2.31@Mozilla/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/65.0.3325.181 Safari/537.36]>
2018-04-23 15:37:15,873 DEBUG
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] - <Creating
new transaction with name
[org.apereo.cas.ticket.registry.DefaultTicketRegistrySupport.getAuthenticatedPrincipalFrom]:
PROPAGATION_REQUIRED,ISOLATION_DEFAULT; 'ticketTransactionManager'>
2018-04-23 15:37:15,873 DEBUG
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] - <Initiating
transaction commit>
2018-04-23 15:37:15,877 DEBUG [org.apereo.cas.util.EncodingUtils] - <Decrypting
value...>
2018-04-23 15:37:15,878 DEBUG
[org.apereo.cas.web.support.DefaultCasCookieValueManager] - <Decoded cookie
value is
[TGT-*GT-23-RY1q-loMIiruWFcsn8fFFWw-I6xi9iUP1l7uOdaIWYgah9XG8FScLg9DHfleC-lkKfw-v-cas-1@10.20.2.31@Mozilla/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/65.0.3325.181 Safari/537.36]>
2018-04-23 15:37:15,879 DEBUG
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] - <Creating
new transaction with name
[org.apereo.cas.DefaultCentralAuthenticationService.destroyTicketGrantingTicket]:
PROPAGATION_REQUIRED,ISOLATION_DEFAULT; 'ticketTransactionManager'>
2018-04-23 15:37:15,879 DEBUG
[org.apereo.cas.DefaultCentralAuthenticationService] - <Removing ticket
[TGT-*GT-23-RY1q-loMIiruWFcsn8fFFWw-I6xi9iUP1l7uOdaIWYgah9XG8FScLg9DHfleC-lkKfw-v-cas-1]
from registry...>
2018-04-23 15:37:15,889 DEBUG
[org.apereo.cas.DefaultCentralAuthenticationService] - <Ticket found.
Processing logout requests and then deleting the ticket...>
2018-04-23 15:37:15,889 INFO [org.apereo.cas.logout.DefaultLogoutManager] -
<Performing logout operations for
[TGT-*GT-23-RY1q-loMIiruWFcsn8fFFWw-I6xi9iUP1l7uOdaIWYgah9XG8FScLg9DHfleC-lkKfw-v-cas-1]>
2018-04-23 15:37:15,890 DEBUG [org.apereo.cas.logout.DefaultLogoutManager] -
<Handling single logout callback for
[org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@716e90cb[id=https://cas-client.ssl.stub/,originalUrl=https://cas-client.ssl.stub/,artifactId=<null>,principal=babanin,loggedOutAlready=false,format=XML]]>
2018-04-23 15:37:15,891 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Processing
logout request for service
[org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@716e90cb[id=https://cas-client.ssl.stub/,originalUrl=https://cas-client.ssl.stub/,artifactId=<null>,principal=babanin,loggedOutAlready=false,format=XML]]...>
2018-04-23 15:37:15,892 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Service
[org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@716e90cb[id=https://cas-client.ssl.stub/,originalUrl=https://cas-client.ssl.stub/,artifactId=<null>,principal=babanin,loggedOutAlready=false,format=XML]]
supports single logout and is found in the registry as
[id=7,name=example_simple_citest,description=<null>,serviceId=https://cas-client.ssl.stub/,usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@d,theme=<null>,evaluationOrder=0,logoutType=FRONT_CHANNEL,attributeReleasePolicy=org.apereo.cas.services.ReturnMappedAttributeReleasePolicy@50546aeb[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@7047a94b[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseAuthenticationAttributes=true,authorizedToReleaseProxyGrantingTicket=false,excludeDefaultAttributes=false,principalIdAttribute=<null>,consentPolicy=org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy@1248df55[excludedAttributes=<null>,includeOnlyAttributes=<null>,enabled=true],allowedAttributes={PESEL=saml_pesel,
nazwisko=saml_nazwisko}],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@60e6f8a5[enabled=true,ssoEnabled=true,requireAllAttributes=true,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@4c911d55,logo=<null>,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@1396c560[multifactorAuthenticationProviders=[],failureMode=NOT_SET,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,bypassEnabled=false],informationUrl=<null>,privacyUrl=<null>,contacts=[],expirationPolicy=org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy@5ed63ba8[deleteWhenExpired=false,notifyWhenDeleted=false,expirationDate=<null>],<null>].
Proceeding...>
2018-04-23 15:37:15,893 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceLogoutUrlBuilder] - <Logout
request will be sent to [https://cas-client.ssl.stub/] for service
[org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@716e90cb[id=https://cas-client.ssl.stub/,originalUrl=https://cas-client.ssl.stub/,artifactId=<null>,principal=babanin,loggedOutAlready=false,format=XML]]>
2018-04-23 15:37:15,894 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Prepared
logout url [https://cas-client.ssl.stub/] for service
[org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@716e90cb[id=https://cas-client.ssl.stub/,originalUrl=https://cas-client.ssl.stub/,artifactId=<null>,principal=babanin,loggedOutAlready=false,format=XML]]>
2018-04-23 15:37:15,895 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Creating
logout request for
[org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@716e90cb[id=https://cas-client.ssl.stub/,originalUrl=https://cas-client.ssl.stub/,artifactId=<null>,principal=babanin,loggedOutAlready=false,format=XML]]
and ticket id [ST-26-6Ad0C8OCIF5n-1zWgmiE8HZdw-E-v-cas-1]>
2018-04-23 15:37:15,895 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Logout
request
[org.apereo.cas.logout.DefaultLogoutRequest@66eba1a8[ticketId=ST-26-6Ad0C8OCIF5n-1zWgmiE8HZdw-E-v-cas-1,service=org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@716e90cb[id=https://cas-client.ssl.stub/,originalUrl=https://cas-client.ssl.stub/,artifactId=<null>,principal=babanin,loggedOutAlready=false,format=XML],status=NOT_ATTEMPTED]]
created for
[org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@716e90cb[id=https://cas-client.ssl.stub/,originalUrl=https://cas-client.ssl.stub/,artifactId=<null>,principal=babanin,loggedOutAlready=false,format=XML]]
and ticket id [ST-26-6Ad0C8OCIF5n-1zWgmiE8HZdw-E-v-cas-1]>
2018-04-23 15:37:15,896 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Logout type
registered for
[org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@716e90cb[id=https://cas-client.ssl.stub/,originalUrl=https://cas-client.ssl.stub/,artifactId=<null>,principal=babanin,loggedOutAlready=false,format=XML]]
is [FRONT_CHANNEL]>
2018-04-23 15:37:15,897 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Logout
operation is not yet attempted for
[org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@716e90cb[id=https://cas-client.ssl.stub/,originalUrl=https://cas-client.ssl.stub/,artifactId=<null>,principal=babanin,loggedOutAlready=false,format=XML]]
given logout type is set to [FRONT_CHANNEL]>
2018-04-23 15:37:15,898 INFO [org.apereo.cas.logout.DefaultLogoutManager] -
<[1] logout requests were processed>
2018-04-23 15:37:15,898 DEBUG
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing children of
ticket
[TGT-*GT-23-RY1q-loMIiruWFcsn8fFFWw-I6xi9iUP1l7uOdaIWYgah9XG8FScLg9DHfleC-lkKfw-v-cas-1]
from the registry.>
2018-04-23 15:37:15,920 DEBUG
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Unable to remove
ticket [ST-26-6Ad0C8OCIF5n-1zWgmiE8HZdw-E-v-cas-1]>
2018-04-23 15:37:15,921 DEBUG
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing ticket
[TGT-*GT-23-RY1q-loMIiruWFcsn8fFFWw-I6xi9iUP1l7uOdaIWYgah9XG8FScLg9DHfleC-lkKfw-v-cas-1]
from the registry.>
2018-04-23 15:37:15,922 DEBUG
[org.apereo.cas.AbstractCentralAuthenticationService] - <Publishing
[org.apereo.cas.support.events.ticket.CasTicketGrantingTicketDestroyedEvent@668aec30[ticketGrantingTicket=TGT-*GT-23-RY1q-loMIiruWFcsn8fFFWw-I6xi9iUP1l7uOdaIWYgah9XG8FScLg9DHfleC-lkKfw-v-cas-1]]>
2018-04-23 15:37:15,923 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
trail record BEGIN
=============================================================
WHO: babanin
WHAT:
TGT-*GT-23-RY1q-loMIiruWFcsn8fFFWw-I6xi9iUP1l7uOdaIWYgah9XG8FScLg9DHfleC-lkKfw-v-cas-1
ACTION: TICKET_GRANTING_TICKET_DESTROYED
APPLICATION: CAS
WHEN: Mon Apr 23 15:37:15 CEST 2018
CLIENT IP ADDRESS: 10.20.2.31
SERVER IP ADDRESS: 10.20.2.60
=============================================================
>
2018-04-23 15:37:15,944 DEBUG
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] - <Initiating
transaction commit>
2018-04-23 15:37:15,945 DEBUG
[org.apereo.cas.web.support.TGCCookieRetrievingCookieGenerator] - <Removed
cookie with name [TGC]>
2018-04-23 15:37:15,946 DEBUG
[org.apereo.cas.web.WarningCookieRetrievingCookieGenerator] - <Removed cookie
with name [CASPRIVACY]>
2018-04-23 15:37:15,948 DEBUG
[org.apereo.cas.logout.SamlCompliantLogoutMessageCreator] - <Generated logout
message: [<samlp:LogoutRequest
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
ID="LR-26-mQzr-qp-Ifzvk1GuFp3T237P" Version="2.0"
IssueInstant="2018-04-23T15:37:15Z"><saml:NameID
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-26-6Ad0C8OCIF5n-1zWgmiE8HZdw-E-v-cas-1</samlp:SessionIndex></samlp:LogoutRequest>]>
2018-04-23 15:37:15,949 DEBUG
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve
theme via [CookieThemeResolver]>
2018-04-23 15:37:15,950 DEBUG
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve
theme via [SessionThemeResolver]>
2018-04-23 15:37:15,950 DEBUG
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve
theme via [RequestHeaderThemeResolver]>
2018-04-23 15:37:15,951 DEBUG
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve
theme via [ServiceThemeResolver]>
2018-04-23 15:37:15,951 DEBUG
[org.apereo.cas.services.web.ServiceThemeResolver] - <No service is found in
the request context. Falling back to the default theme [cas-theme-default]>
2018-04-23 15:37:15,952 DEBUG
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve
theme via [FixedThemeResolver]>
2018-04-23 15:37:15,953 DEBUG
[org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could
be found. Using default theme [cas-theme-default}>
2018-04-23 15:37:15,976 DEBUG
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve
theme via [CookieThemeResolver]>
2018-04-23 15:37:15,977 DEBUG
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve
theme via [SessionThemeResolver]>
2018-04-23 15:37:15,978 DEBUG
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve
theme via [RequestHeaderThemeResolver]>
2018-04-23 15:37:15,978 DEBUG
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve
theme via [ServiceThemeResolver]>
2018-04-23 15:37:15,979 DEBUG
[org.apereo.cas.services.web.ServiceThemeResolver] - <No service is found in
the request context. Falling back to the default theme [cas-theme-default]>
2018-04-23 15:37:15,980 DEBUG
[org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve
theme via [FixedThemeResolver]>
2018-04-23 15:37:15,981 DEBUG
[org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could
be found. Using default theme [cas-theme-default}>
