Hi all, I tried using a network sniffer in my machine to check if the logout request is actually received. It turns out it is, or at least I think so. Here's the sniffer output I get, the package is sent from CAS Server's host to app2's host on the right port (8080).
HTTP POST /app2 HTTP/1.1 (application/x-www-form-urlencoded) Data: [truncated] logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-208-DcEmd3af7D6dUcgka67U3TcChxgM3SFgh7d%22+Version%3D%222.0%22+IssueInstant%3D%222012-12-05T13%3A34%3A34Z% I also tried the same thing with an application that does not use Guice (to be sure), same problem. I'm starting to think it might have something to do with application server configuration? I'm using JBoss AS 7 and haven't changed default settings that much. 2012/12/5 Rodrigo Parra <rodpa...@gmail.com> > That was clarifying indeed, Marvin. > > I am almost positive that it is a network issue so I will look into it. > > Thanks for your help, I will keep you posted. It might take me a couple of > days, though. > > > 2012/12/4 Marvin Addison <marvin.addi...@gmail.com> > >> > If you notice something wrong at a first glance, let me know please. >> >> I don't see any problems. >> >> > Could Guice be somehow messing with CAS client? >> >> Doubtful, but I have no experience with Guice so my opinion is not >> very meaningful. >> >> > About the network environment, I'm not really responsible for it >> currently, >> > could you give a hint of where to look? >> > I mean, what could possibly cause single sign out to fail when single >> sign >> > on works? >> >> Because the communication is sourced differently. For single sign-on, >> the source of the communication is the client browser. If you're in a >> load-balanced environment, the communication likely passes through the >> LB to both CAS server and CAS clients. For single sign-out >> communication, the source is the CAS server. That would count as >> back-channel communication and in many environments does not traverse >> the same network path as front-channel communication. You'll have to >> evaluate your network environment for further analysis, but hopefully >> that brief discussion helps clarify that the communication is >> fundamentally different. >> >> M >> >> -- >> You are currently subscribed to cas-user@lists.jasig.org as: >> rodpa...@gmail.com >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
