Hello all, Just a follow up:
Searching through the sniffer's results I can even see app1 server responding to CAS server after the logout POST request is received. app1 server responds with a 302 code, redirecting to app1's URL. Is this the expected behavior? Any ideas on why the server is responding but the filter is not doing its job? 2012/12/6 Rodrigo Parra <rodpa...@gmail.com> > Hi all, > > I tried using a network sniffer in my machine to check if the logout > request is actually received. > It turns out it is, or at least I think so. Here's the sniffer output I > get, the package is sent from CAS Server's host to app2's host on the right > port (8080). > > HTTP POST /app2 HTTP/1.1 (application/x-www-form-urlencoded) > > Data: > > [truncated] > logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-208-DcEmd3af7D6dUcgka67U3TcChxgM3SFgh7d%22+Version%3D%222.0%22+IssueInstant%3D%222012-12-05T13%3A34%3A34Z% > > I also tried the same thing with an application that does not use Guice > (to be sure), same problem. > > I'm starting to think it might have something to do with application > server configuration? > I'm using JBoss AS 7 and haven't changed default settings that much. > > > 2012/12/5 Rodrigo Parra <rodpa...@gmail.com> > >> That was clarifying indeed, Marvin. >> >> I am almost positive that it is a network issue so I will look into it. >> >> Thanks for your help, I will keep you posted. It might take me a couple >> of days, though. >> >> >> 2012/12/4 Marvin Addison <marvin.addi...@gmail.com> >> >>> > If you notice something wrong at a first glance, let me know please. >>> >>> I don't see any problems. >>> >>> > Could Guice be somehow messing with CAS client? >>> >>> Doubtful, but I have no experience with Guice so my opinion is not >>> very meaningful. >>> >>> > About the network environment, I'm not really responsible for it >>> currently, >>> > could you give a hint of where to look? >>> > I mean, what could possibly cause single sign out to fail when single >>> sign >>> > on works? >>> >>> Because the communication is sourced differently. For single sign-on, >>> the source of the communication is the client browser. If you're in a >>> load-balanced environment, the communication likely passes through the >>> LB to both CAS server and CAS clients. For single sign-out >>> communication, the source is the CAS server. That would count as >>> back-channel communication and in many environments does not traverse >>> the same network path as front-channel communication. You'll have to >>> evaluate your network environment for further analysis, but hopefully >>> that brief discussion helps clarify that the communication is >>> fundamentally different. >>> >>> M >>> >>> -- >>> You are currently subscribed to cas-user@lists.jasig.org as: >>> rodpa...@gmail.com >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >> >> > -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
