Hi,
After investigations, it seems that it's an issue on the CAS Client side
(owncloud CAS client)
CAS Client response to the SLO BACK_CHANNEL resquest is 405 Method not
allowed
[09/Apr/2019:00:05:57 +0200] "POST /cloud/index.php/apps/user_cas/login
> HTTP/1.1" 405 - "-" "Apache-HttpClient/4.5.6 (Java/11.0.2)"
>
There is indeed not POST route in the Owncloud CAS client
$application->registerRoutes($this, array(
> 'routes' => [
> array('name' => 'settings#saveSettings', 'url' => '/settings/save',
> 'verb' => 'POST'),
> array('name' => 'authentication#casLogin', 'url' => '/login', 'verb'
> => 'GET')
> ]
> ));
>
>
In order to have SLO with Owncloud CAS client, I believe some tunning has
to be made on the CAS client.
Thanks for your help
Baso
Le lundi 8 avril 2019 18:21:03 UTC+2, rbon a écrit :
>
> Baso,
>
> Add some of your own debug statements to CASphp where it processes the log
> out request.
>
> Ray
>
> On Sat, 2019-04-06 at 10:17 -0700, Baso Dupond wrote:
>
> Hi,
>
> The Single Log Out is not working on my basic implementation
>
> I obtain a "Not a logout request" in the Cas-client Log
>
>
> 0A53 .START (2019-04-06 16:15:42) phpCAS-1.3.6 ****************** [CAS.php
> :468]
> 0A53 .=> phpCAS::client('3.0', 'cas.xxxxxxxxxx.fr', 443, '/cas') [
> AppService.php:275]
> 0A53 .| => CAS_Client::__construct('3.0', false, 'cas.xxxxxxxxxxxxx.fr'
> , 443, '/cas', true) [CAS.php:359]
> 0A53 .| | Session is not authenticated [Client.php:938]
> 0A53 .| <= ''
> 0A53 .<= ''
> 0A53 .=> CAS_Client::handleLogoutRequests(true, array ( 0 =>
> '51.68.xx.xx',)) [CAS.php:1276]
> 0A53 .| Not a logout request [Client.php:1739]
> 0A53 .<= ''
>
>
> The CAS log show that logout request is sent
>
> 2019-04-06 18:15:10,832 DEBUG [org.apereo.cas.logout.slo.
> DefaultSingleLogoutServiceLogoutUrlBuilder] - <Logout request will be
> sent to [http://
> extranet.xxxxxxxxxxxxxx.fr/cloud/index.php/apps/user_cas/login] for
> service [AbstractWebApplicationService(id=
> https://extranet.xxxxxxxxxxxxxx.fr/cloud/index.php/apps/user_cas/login,
> originalUrl=
> https://extranet.x.fr/cloud/index.pxxxxxxxxxxxxxxhp/apps/user_cas/login,
> artifactId=null, principal=basil...@xxxxx.fr <javascript:>,
> source=service, loggedOutAlready=false, format=XML, attributes={})]>
> 2019-04-06 18:15:10,833 DEBUG [org.apereo.cas.logout.slo.
> BaseSingleLogoutServiceMessageHandler] - <Prepared logout url [[org.apereo
> .cas.logout.slo.SingleLogoutUrl@ae1f72ee]] for service [
> AbstractWebApplicationService(id=https://
> extranet.xxxxxxxxxxxxxx.fr/cloud/index.php/apps/user_cas/login,
> originalUrl=
> https://extranet.xxxxxxxxxxxxxxxxx.fr/cloud/index.php/apps/user_cas/login,
> artifactId=null, principal=basil...@xxxxxxxxxxxxxx.fr <javascript:>,
> source=service, loggedOutAlready=false, format=XML, attributes={})]>
> 2019-04-06 18:15:10,835 DEBUG [org.apereo.cas.logout.slo.
> BaseSingleLogoutServiceMessageHandler] - <Prepared logout message to send
> is [HttpMessage(url=http://
> extranet.xxxxxxxxxxxxx.fr/cloud/index.php/apps/user_cas/login,
> message=logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-2-hTkl0dF8f4XPX9-8aeQoJIZY%22+Version%3D%222.0%22+IssueInstant%3D%222019-04-06T18%3A15%3A10Z%22%3E%3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22%3Ebasile.test%
> xxxxxxxxxx.fr%3C%2Fsaml%3ANameID%3E%3Csamlp%3ASessionIndex%3EST-2-zcTYW858ldyFLPeC9MZ2gL-fGoMvps641230%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E,
>
> asynchronous=true, responseCode=0,
> contentType=application/x-www-form-urlencoded)]. Sending...>
> 2019-04-06 18:15:10,835 DEBUG [org.apereo.cas.util.http.SimpleHttpClient]
> - <Created HTTP post message payload [POST http://
> extranet.xxxxxxxxxx.fr/cloud/index.php/apps/user_cas/login HTTP/1.1]>
> 2019-04-06 18:15:10,850 INFO [org.apereo.cas.logout.DefaultLogoutManager]
> - <[2] logout requests were processed>
>
>
>
> TCPDump on the CAS clien shows that the cas client receives the logout
> Request
>
> 51.68.xx.xx.38168 > 37.187.xx.xx.http: Flags [P.], cksum 0x8209 (correct),
> seq 0:754, ack 1, win 229, options [nop,nop,TS val 2263944706 ecr
> 768689247], length 754: HTTP, length: 754
> POST /cloud/index.php/apps/user_cas/login HTTP/1.1
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 484
> Host: extranet.xxxxxxxxxxx.fr
> Connection: Keep-Alive
> User-Agent: Apache-HttpClient/4.5.6 (Java/11.0.2)
> Accept-Encoding: gzip,deflate
>
> logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-2-hTkl0dF8f4XPX9-8aeQoJIZY%22+Version%3D%222.0%22+IssueInstant%3D%222019-04-06T18%3A15%3A10Z%22%3E%3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22%3Ebasile.test%
> 40xxxxxxxx.fr
> %3C%2Fsaml%3ANameID%3E%3Csamlp%3ASessionIndex%3EST-2-zcTYW858ldyFLPeC9MZ2gL-fGoMvps641230%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E[!http]
> 18:15:14.642363 IP (tos 0x0, ttl 56, id 61227, offset 0, flags [DF], proto
> TCP (6), length 52)
> 51.68.70.46.38168 > 37.187.19.72.http: Flags [.], cksum 0x5c2a
> (correct), seq 754, ack 656, win 239, options [nop,nop,TS val 2263944707
> ecr 768689248], length 0
>
>
>
> Is there something wrong in the logoutRequest format ?
>
> Thanks,
> Rgds
> Baso
>
>
>
>
>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/fe0c5dbe-8cce-48ec-8b4c-4252ee445966%40apereo.org.
