Hi Ray, As said by you, I enabled logs and this is the output
2018-05-17 11:50:46,479 INFO [org.apereo.cas.logout.DefaultLogoutManager] - <Performing logout operations for [TGT-2-*********************************************************eGcHG1JqHs-client]> 2018-05-17 11:50:46,501 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Processing logout request for service [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@432f5faa [id=https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/, *artifactId=<null>* ,principal=casuser,loggedOutAlready=false,format=XML]]...> 2018-05-17 11:50:46,503 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Service [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@432f5faa [id= https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=<null>,principal=casuser,loggedOutAlready=false,format=XML]] supports single logout and is found in the registry as [id=10000001,name=HTTPS and IMAPS,description=This service definition authorizes all application urls that support HTTPS and IMAPS protocols.,serviceId=^(https|imaps)://.*,usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@d ,theme=<null>,evaluationOrder=10000,logoutType=BACK_CHANNEL,attributeReleasePolicy=org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy@15646ed9 [attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@7923006f [],authorizedToReleaseCredentialPassword=false,authorizedToReleaseAuthenticationAttributes=true,authorizedToReleaseProxyGrantingTicket=false,excludeDefaultAttributes=false,principalIdAttribute=<null>,consentPolicy=org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy@330ae512 [excludedAttributes=<null>,includeOnlyAttributes=<null>,enabled=true],allowedAttributes=[]],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@5bc47191 [enabled=true,ssoEnabled=true,requireAllAttributes=true,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@2cd156ce ,logo=<null>,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@6dc092b8 [multifactorAuthenticationProviders=[],failureMode=NOT_SET,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,bypassEnabled=false],informationUrl=<null>,privacyUrl=<null>,contacts=[],expirationPolicy=org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy@687fb318[deleteWhenExpired=false,notifyWhenDeleted=false,expirationDate=<null>],<null>]. Proceeding...> 2018-05-17 11:50:46,514 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Prepared logout url [https://192.168.111.12:8443/] for service [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@432f5faa [id= https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId= <null>,principal=casuser,loggedOutAlready=false,format=XML]]> 2018-05-17 11:50:46,515 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Creating logout request for [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@432f5faa [id= https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=<null>,principal=casuser,loggedOutAlready=false,format=XML]] and ticket id [ST-3-Ca79ror-smWCKyQzaBNn0ZYt6l0-client]> 2018-05-17 11:50:46,517 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Logout request [org.apereo.cas.logout.DefaultLogoutRequest@61e23890 [ticketId=ST-3-Ca79ror-smWCKyQzaBNn0ZYt6l0-client,service=org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@432f5faa [id= https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=<null>,principal=casuser,loggedOutAlready=false,format=XML],status=NOT_ATTEMPTED]] created for [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@432f5faa [id= https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=<null>,principal=casuser,loggedOutAlready=false,format=XML]] and ticket id [ST-3-Ca79ror-smWCKyQzaBNn0ZYt6l0-client]> 2018-05-17 11:50:46,518 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Logout type registered for [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@432f5faa [id= https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=<null>,principal=casuser,loggedOutAlready=false,format=XML]] is [BACK_CHANNEL]> 2018-05-17 11:50:46,519 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Creating back-channel logout request based on [org.apereo.cas.logout.DefaultLogoutRequest@61e23890 [ticketId=ST-3-Ca79ror-smWCKyQzaBNn0ZYt6l0-client,service=org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@432f5faa [id= https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId= <null>,principal=casuser,loggedOutAlready=false,format=XML],status=NOT_ATTEMPTED]]> 2018-05-17 11:50:46,522 DEBUG [org.apereo.cas.logout.SamlCompliantLogoutMessageCreator] - <Generated logout message: [<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-1-vL8zdM8-dQR8rayaAYJJz6d2" Version="2.0" IssueInstant="2018-05-17T11:50:46Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@ </saml:NameID><samlp:SessionIndex>ST-3-Ca79ror-smWCKyQzaBNn0ZYt6l0-client</samlp:SessionIndex></samlp:LogoutRequest>]> 2018-05-17 11:50:46,522 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Preparing logout request for [https://192.168.111.12:8443/] to [ https://192.168.111.12:8443/]> 2018-05-17 11:50:46,547 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Prepared logout message to send is [org.apereo.cas.logout.LogoutHttpMessage@e0bb76[url= https://192.168.111.12:8443/,message=<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-1-vL8zdM8-dQR8rayaAYJJz6d2" Version="2.0" IssueInstant="2018-05-17T11:50:46Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-3-Ca79ror-smWCKyQzaBNn0ZYt6l0-client</samlp:SessionIndex></samlp:LogoutRequest>,asynchronous=false,contentType=application/x-www-form-urlencoded,responseCode=0]]. Sending...> 2018-05-17 11:50:46,659 WARN [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -* <Logout message is not sent to [https://192.168.111.12:8443/ <https://192.168.111.12:8443/>]; Continuing processing...>* 2018-05-17 11:50:46,661 INFO [org.apereo.cas.logout.DefaultLogoutManager] - <[1] logout requests were processed> 2018-05-17 11:50:46,668 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: casuser WHAT: TGT-2-*********************************************************eGcHG1JqHs-client ACTION: TICKET_GRANTING_TICKET_DESTROYED APPLICATION: CAS WHEN: Thu May 17 11:50:46 IST 2018 CLIENT IP ADDRESS: 192.168.111.12 SERVER IP ADDRESS: 192.168.111.12 ============================================================= On Tue, May 15, 2018 at 11:59 PM, Ray Bon <r...@uvic.ca> wrote: > Ramakrishna, > > If the TGT is destroyed, then that SSO session is also destroyed even if > the TGC is not (why TGC is not removed is odd). > If you are still logged in to the client application, your client may not > be part of single log out (SLO). It is up to the client to manage its own > session. > When you say 'valid ticket', do you mean a new service ticket? > > You can try these log4j2 options to see what is happening during the > logout process: > > > <!-- DEBUG service status and logout process and a lot of details > --> > <AsyncLogger name="org.apereo.cas.logout" level="info" /> > <!-- INFO Performing logout operations for [TGT-...] > [number] logout requests were processed > DEBUG ST, principal and URL --> > <AsyncLogger name="org.apereo.cas.logout.DefaultLogoutManager" > level="info"> > <Filters> > <ThresholdFilter level="INFO" onMatch="ACCEPT" > onMismatch="NEUTRAL" /> > <RegexFilter regex="Captured logout request.*" > onMismatch="DENY" /> > </Filters> > </AsyncLogger> > <!-- DEBUG Logout request will be sent to but does not print > anything when login was through SAML 1.1 --> > <AsyncLogger name="org.apereo.cas.logout. > DefaultSingleLogoutServiceLogoutUrlBuilder" level="warn" /> > <!-- DEBUG preparing, processing and logout with URL and ST --> > <AsyncLogger name="org.apereo.cas.logout. > DefaultSingleLogoutServiceMessageHandler" level="debug" /> > <!-- DEBUG SAML logout payload --> > <AsyncLogger name="org.apereo.cas.logout. > SamlCompliantLogoutMessageCreator" level="debug" /> > > Ray > > On Tue, 2018-05-15 at 15:58 +0530, Ramakrishna G wrote: > > On Clicking logout which calls the cas/logout link : > > WHO: casuser > WHAT: TGT-1-****************************************************** > ***CPmWzMzi-I-client > ACTION: TICKET_GRANTING_TICKET_DESTROYED > APPLICATION: CAS > WHEN: Tue May 15 15:45:17 IST 2018 > CLIENT IP ADDRESS: 192.168.111.12 > SERVER IP ADDRESS: 192.168.111.12 > ============================================================= > > > > But i can see that in the browser , the TGC cookie still resides , which > forces me to delete the cookies or close the browser for a fresh login. Is > there any way to avoid this? > > On Sat, May 12, 2018 at 1:45 PM, Ramakrishna G <r...@tts.in> wrote: > > Yes it is redirected to logout page, yet cookies is not removed. When I > refresh it redirects to application with valid ticket instead of > redirecting to login page. > > > On Fri, May 11, 2018 at 8:39 PM, Ray Bon <r...@uvic.ca> wrote: > > Ramakrishna, > > If the browser is redirected to /cas/logout, the cookies will/should be > removed. > > Ray > > On Fri, 2018-05-11 at 19:30 +0530, Ramakrishna G wrote: > > Hello Team, > > On logout CAS cookies are not removed from browser. I need to forcefully > clear. What might be the reason? > > Thanks > Ramakrishna G > > -- > Ray Bon > Programmer analyst > Development Services, University Systems > 2507218831 | CLE 019 | r...@uvic.ca > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit https://groups.google.com/a/ap > ereo.org/d/msgid/cas-user/1526051367.1797.41.camel%40uvic.ca > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1526051367.1797.41.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > > > > > -- > Ray Bon > Programmer analyst > Development Services, University Systems > 2507218831 | CLE 019 | r...@uvic.ca > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/1526408970.1817.28.camel%40uvic.ca > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1526408970.1817.28.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGST5P_2N%2BES8tc7c5Yc7BuzrXYzeQW3d-F33%2BDKpoPN-zmWOg%40mail.gmail.com.
