Scott, I have changed log level to DEBUG. Currently I have 3 client app registered as CAS service. I am using casClient2 for testing. Here is the log when I sign in into casclient2:
2010-08-05 10:20:18,261 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Action 'InitialFlowSetupAction' beginning execution 2010-08-05 10:20:18,261 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor generated service for: https://cas.mywork.org/casClient2/protected/index.jsp 2010-08-05 10:20:18,261 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Placing service in FlowScope: https://cas.mywork.org/casClient2/protected/index.jsp 2010-08-05 10:20:18,261 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Action 'InitialFlowSetupAction' completed execution; result is 'success' 2010-08-05 10:20:18,261 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' beginning execution 2010-08-05 10:20:18,261 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Executing setupForm 2010-08-05 10:20:18,261 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form object with name 'credentials' 2010-08-05 10:20:18,261 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new instance of form object class [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] 2010-08-05 10:20:18,261 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form object of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow with name 'credentials' 2010-08-05 10:20:18,261 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form errors for object with name 'credentials' 2010-08-05 10:20:18,261 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - No property editor registrar set, no custom editors to register 2010-08-05 10:20:18,261 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form errors instance in scope Flash 2010-08-05 10:20:18,261 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' completed execution; result is 'success' 2010-08-05 10:20:18,261 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' beginning execution 2010-08-05 10:20:18,261 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' completed execution; result is 'success' 2010-08-05 10:20:25,433 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' beginning execution 2010-08-05 10:20:25,433 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Executing bind 2010-08-05 10:20:25,433 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Found existing form object with name 'credentials' of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow 2010-08-05 10:20:25,433 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - No property editor registrar set, no custom editors to register 2010-08-05 10:20:25,433 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Binding allowed request parameters in map['_eventId' -> 'submit', 'service' -> 'https://jerrydev.swmed.org:7002/casClient2/protected/index.jsp', 'submit' -> 'Login', 'password' -> 'welcome', 'username' -> 'jshi1', 'lt' -> '_c035BE834-488B-1EED-F4C6-D22BC167079E_k1C6281A2-5517-401C-C5E7-E2CEF387F341'] to form object with name 'credentials', pre-bind formObject toString = [username: null] 2010-08-05 10:20:25,433 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - (Any field is allowed) 2010-08-05 10:20:25,433 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Binding completed for form object with name 'credentials', post-bind formObject toString = [username: jshi1] 2010-08-05 10:20:25,433 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - There are [0] errors, details: [] 2010-08-05 10:20:25,433 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Executing validation 2010-08-05 10:20:25,433 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Invoking validator org.jasig.cas.validation.usernamepasswordcredentialsvalida...@41dca7 2010-08-05 10:20:25,433 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Validation completed for form object 2010-08-05 10:20:25,433 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - There are [0] errors, details: [] 2010-08-05 10:20:25,433 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form errors instance in scope Flash 2010-08-05 10:20:25,433 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' completed execution; result is 'success' 2010-08-05 10:20:25,433 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' beginning execution 2010-08-05 10:20:25,433 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Found existing form object with name 'credentials' of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow 2010-08-05 10:20:25,449 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - Attempting to create TicketGrantingTicket for [username: jshi1] 2010-08-05 10:20:25,449 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: edu.utsw.ais.cas.authentication.UTSWSimpleAuthenticationHandler successfully authenticated the user which provided the following credentials: [username: jshi1] 2010-08-05 10:20:25,449 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - Attempting to resolve a principal... 2010-08-05 10:20:25,449 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - Creating SimplePrincipal for [jshi1] 2010-08-05 10:20:25,449 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Added ticket [TGT-4-Y60gaCx3ERkE20yQiwHQrEwb4c3cOd5RSYyJDet7Qb61xZpjp4-cas] to registry. 2010-08-05 10:20:25,449 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - Removed cookie with name [CASPRIVACY] 2010-08-05 10:20:25,449 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' completed execution; result is 'success' 2010-08-05 10:20:25,449 DEBUG [org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - Action 'SendTicketGrantingTicketAction' beginning execution 2010-08-05 10:20:25,449 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - Added cookie with name [CASTGC] and value [TGT-4-Y60gaCx3ERkE20yQiwHQrEwb4c3cOd5RSYyJDet7Qb61xZpjp4-cas] 2010-08-05 10:20:25,449 DEBUG [org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - Action 'SendTicketGrantingTicketAction' completed execution; result is 'success' 2010-08-05 10:20:25,449 DEBUG [org.jasig.cas.web.flow.GenerateServiceTicketAction] - Action 'GenerateServiceTicketAction' beginning execution 2010-08-05 10:20:25,449 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to retrieve ticket [TGT-4-Y60gaCx3ERkE20yQiwHQrEwb4c3cOd5RSYyJDet7Qb61xZpjp4-cas] 2010-08-05 10:20:25,449 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket [TGT-4-Y60gaCx3ERkE20yQiwHQrEwb4c3cOd5RSYyJDet7Qb61xZpjp4-cas] found in registry. 2010-08-05 10:20:25,449 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Added ticket [ST-4-VcEh7dDeVitsPs3xCSd5-cas] to registry. 2010-08-05 10:20:25,449 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-4-VcEh7dDeVitsPs3xCSd5-cas] for service [https://jerrydev.swmed.org:7002/casClient2/protected/index.jsp] for user [jshi1] 2010-08-05 10:20:25,449 DEBUG [org.jasig.cas.web.flow.GenerateServiceTicketAction] - Action 'GenerateServiceTicketAction' completed execution; result is 'success' 2010-08-05 10:20:25,527 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor generated service for: https://cas.mywork.org/casClient2/protected/index.jsp 2010-08-05 10:20:25,527 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to retrieve ticket [ST-4-VcEh7dDeVitsPs3xCSd5-cas] 2010-08-05 10:20:25,527 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket [ST-4-VcEh7dDeVitsPs3xCSd5-cas] found in registry. 2010-08-05 10:20:25,527 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Removing ticket [ST-4-VcEh7dDeVitsPs3xCSd5-cas] from registry And this is the log after I sign out from client app: 2010-08-05 10:21:08,714 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - Removing ticket [TGT-4-Y60gaCx3ERkE20yQiwHQrEwb4c3cOd5RSYyJDet7Qb61xZpjp4-cas] from registry. 2010-08-05 10:21:08,714 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to retrieve ticket [TGT-4-Y60gaCx3ERkE20yQiwHQrEwb4c3cOd5RSYyJDet7Qb61xZpjp4-cas] 2010-08-05 10:21:08,714 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket [TGT-4-Y60gaCx3ERkE20yQiwHQrEwb4c3cOd5RSYyJDet7Qb61xZpjp4-cas] found in registry. 2010-08-05 10:21:08,714 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - Ticket found. Expiring and then deleting. 2010-08-05 10:21:08,714 DEBUG [org.jasig.cas.authentication.principal.SamlService] - Sending logout request for: https://cas.mywork.org ( https://cas.mywork.org/casClient2/protected/index.jsp )/casClient2/protected/index.jsp ( https://jerrydev.swmed.org:7002/casClient2/protected/index.jsp ) 2010-08-05 10:21:08,714 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Removing ticket [TGT-4-Y60gaCx3ERkE20yQiwHQrEwb4c3cOd5RSYyJDet7Qb61xZpjp4-cas] from registry 2010-08-05 10:21:08,714 DEBUG [org.jasig.cas.util.HttpClient] - Attempting to access https://cas.mywork.org ( https://cas.mywork.org/casClient2/protected/index.jsp )/casClient2/protected/index.jsp ( https://jerrydev.swmed.org:7002/casClient2/protected/index.jsp ) 2010-08-05 10:21:08,730 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - Removed cookie with name [CASTGC] 2010-08-05 10:21:08,730 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - Removed cookie with name [CASPRIVACY] 2010-08-05 10:21:08,746 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Action 'InitialFlowSetupAction' beginning execution 2010-08-05 10:21:08,746 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor generated service for: https://cas.mywork.org ( https://cas.mywork.org/casClient2/protected/index.jsp )/casClient2/protected/index.jsp ( https://jerrydev.swmed.org:7002/casClient2/protected/index.jsp ) 2010-08-05 10:21:08,746 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Placing service in FlowScope: https://cas.mywork.org ( https://cas.mywork.org/casClient2/protected/index.jsp )/casClient2/protected/index.jsp ( https://jerrydev.swmed.org:7002/casClient2/protected/index.jsp ) 2010-08-05 10:21:08,746 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Action 'InitialFlowSetupAction' completed execution; result is 'success' 2010-08-05 10:21:08,746 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' beginning execution 2010-08-05 10:21:08,746 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Executing setupForm 2010-08-05 10:21:08,746 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form object with name 'credentials' 2010-08-05 10:21:08,746 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new instance of form object class [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] 2010-08-05 10:21:08,746 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form object of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow with name 'credentials' 2010-08-05 10:21:08,746 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form errors for object with name 'credentials' 2010-08-05 10:21:08,746 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - No property editor registrar set, no custom editors to register 2010-08-05 10:21:08,746 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form errors instance in scope Flash 2010-08-05 10:21:08,746 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' completed execution; result is 'success' 2010-08-05 10:21:08,746 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' beginning execution 2010-08-05 10:21:08,746 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' completed execution; result is 'success' 2010-08-05 10:21:08,746 DEBUG [org.jasig.cas.util.HttpClient] - Finished sending message tohttps://jerrydev.swmed.org:7002/casClient2/protected/index.jsp >From the log file, I couldn't see any information that CAS server sent out >request to all the registered service.....I do see that cas server attempt to >access https://cas.mywork.org/casClient2/protected/index.jsp ( >https://jerrydev.swmed.org:7002/casClient2/protected/index.jsp ).... But even >so, the casClient2 seems still remain signed in if I didn't add >request.getSession().invalidate() in log out process..... Any suggestion is highly apprecated.... Thanks in advance >>> Scott Battaglia <[email protected]> 8/4/2010 10:28 PM >>> Try turning your logging up to DEBUG on the server and see if you see anything. On Wed, Aug 4, 2010 at 4:20 PM, Jiangpeng Shi < [email protected]> wrote: > > Thanks a lot for the help. Unfortunately, this seems not work in my case. > My understanding about single sign out is: User active CAS single sign out > by click a link (or by other ways) like " > https://cas.mydomain.com/logout?url=/myapp"; ( > 'https://cas.mydomain.com/logout?url=/myapp";' ), from client app. Then CAS > will end this cas session, and send a "POST" request to all registered > services. Then in client app side, a filter will catch this request, and end > the client session. Please correct me if I was wrong. > > It seems like CAS server didn't send out any "POST" request to its > registered services: From my server's access log, there are no any other > POST request, except those from Sign in form.....Do I need to do any > configuration in CAS server to enable the single sign out? Any suggestion > are highly appreciated. Thanks a lot! > > --Jiangpeng Shi > > >>> Bryan Wooten <[email protected]> 8/4/2010 12:04 PM >>> > Here is how to do it: > > https://wiki.jasig.org/display/CASC/Configuring+Single+Sign+Out > > Just add the listener and filter to your web.xml. > > It is working well for me. > > Bryan Wooten > > [email protected] > Work: 801.585.9323 > Cell: 801.414.3593 > > > -----Original Message----- > From: Jiangpeng Shi [mailto:[email protected]] > Sent: Wednesday, August 04, 2010 10:51 AM > To: [email protected] > Subject: [cas-user] a new single sign out question > > I asked a question about an issue that I couldn't logout from SSO by using > request.getSession().invalidate(), and acevedo gave me a very good > suggestion. He helped me solve my issue very well. But seems I am still > having some issues with Single sign out: How can I sign out all client apps > when I sign out from one of client apps? > My current case is: > I have 4 client app, which all using CAS and SSO. For each client app, I am > using following code in each client to log out: > > request.getSession().invalidate(); > response.sendRedirect("https://cas.mywork.org:7088/cas/logout?url=/myapp > "); > > For each client, the log out works well, but, seems I have to logout each > client one by one, which means I can't logout all client apps all together > by just signing out from one client application. Are there any way that we > can let user sign out from app and then sign out all other Single Sign On > client apps? > > Thanks a lot in advance. > > --Jiangpeng Shi > > > > > -- > You are currently subscribed to [email protected]: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- > You are currently subscribed to [email protected]: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > -- > You are currently subscribed to [email protected]: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected]: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
