Anyone any hints on where it might go wrong? Thanks! Ralf
________________________________ From: Steppacher Ralf [ralf.steppac...@derivativepartners.com] Sent: Wednesday, October 09, 2013 16:42 To: cas-user@lists.jasig.org Subject: [cas-user] Logout with mod_auth_cas not working Hello CAS users, I am having troubles getting logout with mod_auth_cas to work. I know the documentation in https://github.com/Jasig/mod_auth_cas says that it is an experimental feature... I am using the head version of the master branch as of end of August. When I call the CAS logout URL I receive the log output below from mod_aut_cas. All statements are printed twice. Also, it seems to look at the contents of the POST twice. On the first go it reads the "l" of "logoutRequest", on the second go it reads the rest of the string, which contains the SAML logout request. Could this be a configuration issue that makes mod_auth_cas behave in such a way? Apache log for a single request to https://dev.local.fe2/cas/logout: [Wed Oct 09 15:13:41 2013] [debug] mod_auth_cas.c(1954): [client 127.0.0.1] Entering cas_authenticate() [Wed Oct 09 15:13:41 2013] [debug] mod_auth_cas.c(578): [client 127.0.0.1] CAS Service 'https%3a%2f%2fdev.local.fe2%2f' [Wed Oct 09 15:13:41 2013] [debug] mod_auth_cas.c(526): [client 127.0.0.1] entering getCASLoginURL() [Wed Oct 09 15:13:41 2013] [debug] mod_auth_cas.c(503): [client 127.0.0.1] entering getCASGateway() [Wed Oct 09 15:13:41 2013] [debug] mod_auth_cas.c(593): [client 127.0.0.1] entering redirectRequest() [Wed Oct 09 15:13:41 2013] [debug] mod_auth_cas.c(605): [client 127.0.0.1] Adding outgoing header: Location: https://dev.local.fe2/cas/login?service=https%3a%2f%2fdev.local.fe2%2f [Wed Oct 09 15:13:41 2013] [debug] mod_auth_cas.c(1954): [client 127.0.0.1] Entering cas_authenticate() [Wed Oct 09 15:13:41 2013] [debug] mod_auth_cas.c(578): [client 127.0.0.1] CAS Service 'https%3a%2f%2fdev.local.fe2%2f' [Wed Oct 09 15:13:41 2013] [debug] mod_auth_cas.c(526): [client 127.0.0.1] entering getCASLoginURL() [Wed Oct 09 15:13:41 2013] [debug] mod_auth_cas.c(503): [client 127.0.0.1] entering getCASGateway() [Wed Oct 09 15:13:41 2013] [debug] mod_auth_cas.c(593): [client 127.0.0.1] entering redirectRequest() [Wed Oct 09 15:13:41 2013] [debug] mod_auth_cas.c(605): [client 127.0.0.1] Adding outgoing header: Location: https://dev.local.fe2/cas/login?service=https%3a%2f%2fdev.local.fe2%2f [Wed Oct 09 15:13:41 2013] [debug] mod_auth_cas.c(2558): read 1 bytes (l) from incoming buckets\n [Wed Oct 09 15:13:41 2013] [debug] mod_auth_cas.c(2558): read 1 bytes (l) from incoming buckets\n [Wed Oct 09 15:13:41 2013] [debug] mod_auth_cas.c(2558): read 486 bytes (ogoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-6-JKcjM93PFyxcn5sk2GHmydOmyn7DaTyxbyj%22+Version%3D%222.0%22+IssueInstant%3D%222013-10-09T15%3A13%3A41Z%22%3E%3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22%3E%40NOT_USED%40%3C%2Fsaml%3ANameID%3E%3Csamlp%3ASessionIndex%3EST-37-GYLVQn1Ly3mDVH17Obk6-steppra1-linux-mint%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E) from incoming buckets\n [Wed Oct 09 15:13:41 2013] [debug] mod_auth_cas.c(2558): read 486 bytes (ogoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-5-fUVEWneUCA79uuTcXJZRrOj1KoQwx91ucZA%22+Version%3D%222.0%22+IssueInstant%3D%222013-10-09T15%3A13%3A41Z%22%3E%3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22%3E%40NOT_USED%40%3C%2Fsaml%3ANameID%3E%3Csamlp%3ASessionIndex%3EST-38-pZ0MOWzzXqZEC266GxXp-steppra1-linux-mint%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E) from incoming buckets\n [Wed Oct 09 15:13:41 2013] [debug] mod_auth_cas.c(2538): unable to retrieve bucket brigade: This function has not been implemented on this platform [Wed Oct 09 15:13:41 2013] [debug] mod_auth_cas.c(2538): unable to retrieve bucket brigade: This function has not been implemented on this platform mod_aut_cas configuration: CASCookiePath /var/cache/apache2/mod_auth_cas/ CASValidateServer Off CASDebug On CASAllowWildcardCert On CASLoginURL https://dev.local.fe2/cas/login CASValidateURL https://dev.local.fe2/cas/samlValidate CASValidateSAML On CASSSOEnabled On ProxyPass /cas https://steppra1-linux-mint:8443/cas ProxyPassReverse /cas https://steppra1-linux-mint:8443/cas ProxyPassReverseCookieDomain steppra1-linux-mint dev.local.fe2 ProxyPassReverseCookiePath /cas / <Location /> Authtype CAS CASScope . CASAuthNHeader on CASScrubRequestHeaders On Require valid-user </Location> <Location /cas> Satisfy Any </Location> Any help is greatly appreciated! Ralf -- You are currently subscribed to cas-user@lists.jasig.org as: ralf.steppac...@derivativepartners.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user