My guess is that the CAS server had his app server don't trust each other for the SSL connection. He probably should import the certs on each machine or get trusted certs. That was a problem I had.
Bryan Wooten [email protected] Work: 801.585.9323 Cell: 801.414.3593 From: Scott Battaglia [mailto:[email protected]] Sent: Wednesday, August 04, 2010 9:29 PM To: [email protected] Subject: Re: [cas-user] a new single sign out question Try turning your logging up to DEBUG on the server and see if you see anything. On Wed, Aug 4, 2010 at 4:20 PM, Jiangpeng Shi <[email protected]<mailto:[email protected]>> wrote: Thanks a lot for the help. Unfortunately, this seems not work in my case. My understanding about single sign out is: User active CAS single sign out by click a link (or by other ways) like "https://cas.mydomain.com/logout?url=/myapp";, from client app. Then CAS will end this cas session, and send a "POST" request to all registered services. Then in client app side, a filter will catch this request, and end the client session. Please correct me if I was wrong. It seems like CAS server didn't send out any "POST" request to its registered services: From my server's access log, there are no any other POST request, except those from Sign in form.....Do I need to do any configuration in CAS server to enable the single sign out? Any suggestion are highly appreciated. Thanks a lot! --Jiangpeng Shi >>> Bryan Wooten <[email protected]<mailto:[email protected]>> 8/4/2010 >>> 12:04 PM >>> Here is how to do it: https://wiki.jasig.org/display/CASC/Configuring+Single+Sign+Out Just add the listener and filter to your web.xml. It is working well for me. Bryan Wooten [email protected]<mailto:[email protected]> Work: 801.585.9323 Cell: 801.414.3593 -----Original Message----- From: Jiangpeng Shi [mailto:[email protected]<mailto:[email protected]>] Sent: Wednesday, August 04, 2010 10:51 AM To: [email protected]<mailto:[email protected]> Subject: [cas-user] a new single sign out question I asked a question about an issue that I couldn't logout from SSO by using request.getSession().invalidate(), and acevedo gave me a very good suggestion. He helped me solve my issue very well. But seems I am still having some issues with Single sign out: How can I sign out all client apps when I sign out from one of client apps? My current case is: I have 4 client app, which all using CAS and SSO. For each client app, I am using following code in each client to log out: request.getSession().invalidate(); response.sendRedirect("https://cas.mywork.org:7088/cas/logout?url=/myapp";); For each client, the log out works well, but, seems I have to logout each client one by one, which means I can't logout all client apps all together by just signing out from one client application. Are there any way that we can let user sign out from app and then sign out all other Single Sign On client apps? Thanks a lot in advance. --Jiangpeng Shi -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
