Thanks, Dmitriy. How would I go about doing that? I didn't see anything on the page that Gil referenced (https://wiki.jasig.org/display/CASC/Configuring+Single+Sign+Out) which mentioned destroying the session store. I guess I figured that session.invalidate() would take care of it.
Thanks, Eric From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net] Sent: Friday, December 28, 2012 6:33 AM To: cas-user@lists.jasig.org Subject: Re: [cas-user] CAS 3.5.1: Having trouble with Sign-Out When logging out, it would be a responsibility of a client application to destroy its Session store (created by CAS client library) which caches authenticated Principals in it. Dmitriy. Sent from my iPhone On Dec 27, 2012, at 17:45, Farzan Qureshi <fqure...@rosmini.school.nz> wrote: Hi Eric, I confirm that I am also facing the same issue. It looks like that when we log out it does not destroy the cookie/session under the browser though it is destroyed on CAS. I can access the resource without authenticating again on the same browser window. Or in case I close the browser and access again only then I am asked to provide credentials. I am sorry I have no solution to offer but it is happening with us too. Kind regards, Farzan On 28/12/2012 11:31 AM, "Stein, Eric" <ste...@locustec.com> wrote: Thanks for helping, Gil! Okay, I switched to SAML. I needed to do that anyway, so I'm glad to get that out of the way. Unfortunately, I'm still seeing the issue. I'm using Firefox 17.0.1. I log in to my hello-world webapp successfully. I included this link in index.jsp: <a href="/authentication/logout" onClick="session.invalidate()">Log out</a> When I click on the link, it takes me to the cas logoff screen and says I have been logged out. However, when I return to /hello-world, I see the JSP without needing to reauthenticate. I've attached the most recent version of my web.xml file. If anybody has any thoughts, I'd really appreciate it. Thanks, Eric Stein From: Gil Victor Teixeira Pinto [mailto:gilc...@gmail.com] Sent: Thursday, December 27, 2012 2:04 PM To: jasig-cas-u...@googlegroups.com Cc: cas-user@lists.jasig.org; cas-user@lists.jasig.org; Stein, Eric Subject: Re: [cas-user] CAS 3.5.1: Having trouble with Sign-Out Hi, The only difference that i have in my web.xml is the SAML: <!-- SSOut https://wiki.jasig.org/display/CASC/Configuring+Single+Sign+Out --> <filter> <filter-name>CAS Single Sign Out Filter</filter-name> <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class> <init-param> <param-name>artifactParameterName</param-name> <param-value>SAMLart</param-value> </init-param> </filter> I've also SAML at: <!-- CAS --> <filter> <filter-name>CAS Authentication Filter</filter-name> <filter-class>org.jasig.cas.client.authentication.Saml11AuthenticationFilter</filter-class> <!-- <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> --> <init-param> <param-name>casServerLoginUrl</param-name> <param-value>https://server:8443/cas/login</param-value <https://server:8443/cas/login%3c/param-value> > </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://server:8080</param-value <http://server:8080%3c/param-value> > </init-param> </filter> <filter> <filter-name>CAS Validation Filter</filter-name> <filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class> <!-- <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> --> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>https://server:8443/cas</param-value <https://server:8443/cas%3c/param-value> > </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://server:8080</param-value <http://server:8080%3c/param-value> > </init-param> <init-param> <param-name>redirectAfterValidation</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>useSession</param-name> <param-value>true</param-value> </init-param> </filter> On Wednesday, December 26, 2012 8:24:41 PM UTC-2, Stein, Eric wrote: I've got Tomcat 7.0.25 running with CAS 3.5.1 and a trivial java webapp with one JSP. I added a link from the page to /cas/logout. When I follow the link, CAS tells me I've logged out successfully, but I can navigate back to the page without needing to authenticate again. It looks like tickets are still being granted. I'm also seeing this line in my client webapp: 17:10:01.946 [http-bio-8080-exec-12] TRACE o.j.c.c.session.SingleSignOutFilter - Ignoring URI /hello-world/ Does anyone have any thoughts on what I might be doing wrong? Is there any documentation on sign out/single sign out that I'm missing? Thanks, Eric Stein -- You are currently subscribed to cas-...@lists.jasig.org as: jasig-cas-user...@googlegroups.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: fqure...@rosmini.school.nz To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager (ad...@rosmini.school.nz). Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. Rosmini College accepts no liability for any damage caused by any virus transmitted by this email. -- You are currently subscribed to cas-user@lists.jasig.org as: dkopyle...@unicon.net To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: ste...@locustec.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
